Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_lnx.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nto.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_a41.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_std.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/gr_wait.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/rename.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_svo.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_os4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/gethstid.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_solo.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sce.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_1st.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_cyg.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_dce.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_soln.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/nl_unix.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_os4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_d-g.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aix.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qn6.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/tz_sv4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/log_sv4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aux.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_do4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_asv.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sgi.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/gr_waitp.c Examining 
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_s40.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nxt.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/kerb_mit.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sco.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/pmatch.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/pseudo.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_std.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_s40.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_osf.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/sig_sv4.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_osx.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_slx.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_art.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_osx.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/pseudo.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_bsi.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aos.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_mnt.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_pyr.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sol.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/log_old.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_cyg.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_pmb.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c Examining 
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/nl_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/write.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummy.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/fs_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/pmatch.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/pseudo.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/ftl_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/pseudo.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/linkage.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsn.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/nl_vms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/fs_vms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummy.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/ftl_vms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/linkage.h Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vms.h Examining 
data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c Examining data/alpine-2.24+dfsg1/imap/src/osdep/vms/pmatch.c Examining data/alpine-2.24+dfsg1/imap/src/charset/jis_0212.c Examining data/alpine-2.24+dfsg1/imap/src/charset/big5.c Examining data/alpine-2.24+dfsg1/imap/src/charset/iso_8859.c Examining data/alpine-2.24+dfsg1/imap/src/charset/cns11643.c Examining data/alpine-2.24+dfsg1/imap/src/charset/gb_2312.c Examining data/alpine-2.24+dfsg1/imap/src/charset/viscii.c Examining data/alpine-2.24+dfsg1/imap/src/charset/ksc_5601.c Examining data/alpine-2.24+dfsg1/imap/src/charset/gb_12345.c Examining data/alpine-2.24+dfsg1/imap/src/charset/ibm.c Examining data/alpine-2.24+dfsg1/imap/src/charset/tis_620.c Examining data/alpine-2.24+dfsg1/imap/src/charset/koi8_u.c Examining data/alpine-2.24+dfsg1/imap/src/charset/jis_0208.c Examining data/alpine-2.24+dfsg1/imap/src/charset/tmap.c Examining data/alpine-2.24+dfsg1/imap/src/charset/decomtab.c Examining data/alpine-2.24+dfsg1/imap/src/charset/windows.c Examining data/alpine-2.24+dfsg1/imap/src/charset/koi8_r.c Examining data/alpine-2.24+dfsg1/imap/src/charset/widths.c Examining data/alpine-2.24+dfsg1/imap/src/dmail/dquota.h Examining data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c Examining data/alpine-2.24+dfsg1/imap/src/dmail/dquota.c Examining data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c Examining data/alpine-2.24+dfsg1/imap/src/tmail/tquota.h Examining data/alpine-2.24+dfsg1/imap/src/tmail/tquota.c Examining data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/mail.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/json.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/c-client.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/flstring.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/env.h Examining 
data/alpine-2.24+dfsg1/imap/src/c-client/flstring.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/utf8aux.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/sslio.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/mail.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/smtp.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/http.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/nntp.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/misc.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/json.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/utf8aux.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_ext.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/http.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/ftl.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/tcp.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/fs.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/auth_log.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.h Examining 
data/alpine-2.24+dfsg1/imap/src/c-client/nl.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/utf8.h Examining data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c Examining data/alpine-2.24+dfsg1/imap/src/c-client/misc.h Examining data/alpine-2.24+dfsg1/imap/src/ansilib/memmove2.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/strtok.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/strstr.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/memset.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/strtoul.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/memmove.c Examining data/alpine-2.24+dfsg1/imap/src/ansilib/strpbrk.c Examining data/alpine-2.24+dfsg1/imap/tools/uahelper.c Examining data/alpine-2.24+dfsg1/ldap/inckit/ldap.h Examining data/alpine-2.24+dfsg1/ldap/inckit/msdos.h Examining data/alpine-2.24+dfsg1/ldap/inckit/srchpref.h Examining data/alpine-2.24+dfsg1/ldap/inckit/lber.h Examining data/alpine-2.24+dfsg1/ldap/inckit/proto-lb.h Examining data/alpine-2.24+dfsg1/ldap/inckit/proto-ld.h Examining data/alpine-2.24+dfsg1/ldap/inckit/disptmpl.h Examining data/alpine-2.24+dfsg1/ldap/kbind.c Examining data/alpine-2.24+dfsg1/mapi/pmapi.c Examining data/alpine-2.24+dfsg1/mapi/instmapi.c Examining data/alpine-2.24+dfsg1/mapi/smapi.c Examining data/alpine-2.24+dfsg1/mapi/pmapi.h Examining data/alpine-2.24+dfsg1/mapi/rfc1522.c Examining data/alpine-2.24+dfsg1/mapi/resource.h Examining data/alpine-2.24+dfsg1/pith/ldap.h Examining data/alpine-2.24+dfsg1/pith/keyword.c Examining data/alpine-2.24+dfsg1/pith/stream.c Examining data/alpine-2.24+dfsg1/pith/init.h Examining data/alpine-2.24+dfsg1/pith/remote.c Examining data/alpine-2.24+dfsg1/pith/copyaddr.h Examining data/alpine-2.24+dfsg1/pith/store.h Examining data/alpine-2.24+dfsg1/pith/mailcmd.h Examining data/alpine-2.24+dfsg1/pith/context.c Examining data/alpine-2.24+dfsg1/pith/bitmap.h 
Examining data/alpine-2.24+dfsg1/pith/remote.h Examining data/alpine-2.24+dfsg1/pith/detach.c Examining data/alpine-2.24+dfsg1/pith/addrbook.c Examining data/alpine-2.24+dfsg1/pith/readfile.c Examining data/alpine-2.24+dfsg1/pith/pipe.h Examining data/alpine-2.24+dfsg1/pith/foldertype.h Examining data/alpine-2.24+dfsg1/pith/init.c Examining data/alpine-2.24+dfsg1/pith/icache.h Examining data/alpine-2.24+dfsg1/pith/maillist.h Examining data/alpine-2.24+dfsg1/pith/signal.h Examining data/alpine-2.24+dfsg1/pith/url.h Examining data/alpine-2.24+dfsg1/pith/rfc2231.h Examining data/alpine-2.24+dfsg1/pith/newmail.h Examining data/alpine-2.24+dfsg1/pith/context.h Examining data/alpine-2.24+dfsg1/pith/abdlc.h Examining data/alpine-2.24+dfsg1/pith/detoken.h Examining data/alpine-2.24+dfsg1/pith/remtype.h Examining data/alpine-2.24+dfsg1/pith/text.c Examining data/alpine-2.24+dfsg1/pith/pipe.c Examining data/alpine-2.24+dfsg1/pith/news.c Examining data/alpine-2.24+dfsg1/pith/smkeys.h Examining data/alpine-2.24+dfsg1/pith/string.c Examining data/alpine-2.24+dfsg1/pith/mailpart.h Examining data/alpine-2.24+dfsg1/pith/maillist.c Examining data/alpine-2.24+dfsg1/pith/headers.h Examining data/alpine-2.24+dfsg1/pith/smkeys.c Examining data/alpine-2.24+dfsg1/pith/strlst.c Examining data/alpine-2.24+dfsg1/pith/save.h Examining data/alpine-2.24+dfsg1/pith/sort.h Examining data/alpine-2.24+dfsg1/pith/detoken.c Examining data/alpine-2.24+dfsg1/pith/busy.h Examining data/alpine-2.24+dfsg1/pith/helpindx.c Examining data/alpine-2.24+dfsg1/pith/mailcap.h Examining data/alpine-2.24+dfsg1/pith/hist.h Examining data/alpine-2.24+dfsg1/pith/stream.h Examining data/alpine-2.24+dfsg1/pith/text.h Examining data/alpine-2.24+dfsg1/pith/flag.c Examining data/alpine-2.24+dfsg1/pith/takeaddr.h Examining data/alpine-2.24+dfsg1/pith/color.c Examining data/alpine-2.24+dfsg1/pith/state.c Examining data/alpine-2.24+dfsg1/pith/indxtype.h Examining data/alpine-2.24+dfsg1/pith/detach.h Examining 
data/alpine-2.24+dfsg1/pith/msgno.c Examining data/alpine-2.24+dfsg1/pith/mailview.c Examining data/alpine-2.24+dfsg1/pith/filter.h Examining data/alpine-2.24+dfsg1/pith/reply.c Examining data/alpine-2.24+dfsg1/pith/mimedesc.h Examining data/alpine-2.24+dfsg1/pith/addrbook.h Examining data/alpine-2.24+dfsg1/pith/escapes.c Examining data/alpine-2.24+dfsg1/pith/string.h Examining data/alpine-2.24+dfsg1/pith/folder.h Examining data/alpine-2.24+dfsg1/pith/icaltype.h Examining data/alpine-2.24+dfsg1/pith/help.c Examining data/alpine-2.24+dfsg1/pith/msgno.h Examining data/alpine-2.24+dfsg1/pith/help_c_gen.c Examining data/alpine-2.24+dfsg1/pith/adrbklib.h Examining data/alpine-2.24+dfsg1/pith/tempfile.h Examining data/alpine-2.24+dfsg1/pith/help_h_gen.c Examining data/alpine-2.24+dfsg1/pith/adjtime.c Examining data/alpine-2.24+dfsg1/pith/debug.h Examining data/alpine-2.24+dfsg1/pith/search.h Examining data/alpine-2.24+dfsg1/pith/smime.c Examining data/alpine-2.24+dfsg1/pith/filttype.h Examining data/alpine-2.24+dfsg1/pith/send.h Examining data/alpine-2.24+dfsg1/pith/sequence.h Examining data/alpine-2.24+dfsg1/pith/strlst.h Examining data/alpine-2.24+dfsg1/pith/rfc2231.c Examining data/alpine-2.24+dfsg1/pith/ical.h Examining data/alpine-2.24+dfsg1/pith/adrbklib.c Examining data/alpine-2.24+dfsg1/pith/keyword.h Examining data/alpine-2.24+dfsg1/pith/mailcap.c Examining data/alpine-2.24+dfsg1/pith/pineelt.h Examining data/alpine-2.24+dfsg1/pith/addrstring.c Examining data/alpine-2.24+dfsg1/pith/charset.c Examining data/alpine-2.24+dfsg1/pith/handle.h Examining data/alpine-2.24+dfsg1/pith/margin.h Examining data/alpine-2.24+dfsg1/pith/thread.c Examining data/alpine-2.24+dfsg1/pith/imap.h Examining data/alpine-2.24+dfsg1/pith/margin.c Examining data/alpine-2.24+dfsg1/pith/editorial.h Examining data/alpine-2.24+dfsg1/pith/thread.h Examining data/alpine-2.24+dfsg1/pith/charset.h Examining data/alpine-2.24+dfsg1/pith/newmail.c Examining data/alpine-2.24+dfsg1/pith/color.h 
Examining data/alpine-2.24+dfsg1/pith/tempfile.c Examining data/alpine-2.24+dfsg1/pith/mimedesc.c Examining data/alpine-2.24+dfsg1/pith/imap.c Examining data/alpine-2.24+dfsg1/pith/util.h Examining data/alpine-2.24+dfsg1/pith/atttype.h Examining data/alpine-2.24+dfsg1/pith/state.h Examining data/alpine-2.24+dfsg1/pith/handle.c Examining data/alpine-2.24+dfsg1/pith/icache.c Examining data/alpine-2.24+dfsg1/pith/status.c Examining data/alpine-2.24+dfsg1/pith/store.c Examining data/alpine-2.24+dfsg1/pith/mailindx.h Examining data/alpine-2.24+dfsg1/pith/util.c Examining data/alpine-2.24+dfsg1/pith/adjtime.h Examining data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c Examining data/alpine-2.24+dfsg1/pith/osdep/bldpath.h Examining data/alpine-2.24+dfsg1/pith/osdep/rename.h Examining data/alpine-2.24+dfsg1/pith/osdep/pipe.h Examining data/alpine-2.24+dfsg1/pith/osdep/filesize.c Examining data/alpine-2.24+dfsg1/pith/osdep/writ_dir.c Examining data/alpine-2.24+dfsg1/pith/osdep/forkwait.h Examining data/alpine-2.24+dfsg1/pith/osdep/coredump.h Examining data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c Examining data/alpine-2.24+dfsg1/pith/osdep/pipe.c Examining data/alpine-2.24+dfsg1/pith/osdep/hostname.c Examining data/alpine-2.24+dfsg1/pith/osdep/collate.h Examining data/alpine-2.24+dfsg1/pith/osdep/err_desc.h Examining data/alpine-2.24+dfsg1/pith/osdep/lstcmpnt.h Examining data/alpine-2.24+dfsg1/pith/osdep/debugtime.h Examining data/alpine-2.24+dfsg1/pith/osdep/pithosd.h Examining data/alpine-2.24+dfsg1/pith/osdep/fnexpand.h Examining data/alpine-2.24+dfsg1/pith/osdep/color.c Examining data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.h Examining data/alpine-2.24+dfsg1/pith/osdep/collate.c Examining data/alpine-2.24+dfsg1/pith/osdep/hostname.h Examining data/alpine-2.24+dfsg1/pith/osdep/creatdir.h Examining data/alpine-2.24+dfsg1/pith/osdep/err_desc.c Examining data/alpine-2.24+dfsg1/pith/osdep/domnames.h Examining data/alpine-2.24+dfsg1/pith/osdep/canaccess.h Examining 
data/alpine-2.24+dfsg1/pith/osdep/domnames.c Examining data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c Examining data/alpine-2.24+dfsg1/pith/osdep/tempfile.h Examining data/alpine-2.24+dfsg1/pith/osdep/lstcmpnt.c Examining data/alpine-2.24+dfsg1/pith/osdep/creatdir.c Examining data/alpine-2.24+dfsg1/pith/osdep/canonicl.c Examining data/alpine-2.24+dfsg1/pith/osdep/color.h Examining data/alpine-2.24+dfsg1/pith/osdep/tempfile.c Examining data/alpine-2.24+dfsg1/pith/osdep/debugtime.c Examining data/alpine-2.24+dfsg1/pith/osdep/canaccess.c Examining data/alpine-2.24+dfsg1/pith/osdep/fgetpos.c Examining data/alpine-2.24+dfsg1/pith/osdep/filesize.h Examining data/alpine-2.24+dfsg1/pith/osdep/bldpath.c Examining data/alpine-2.24+dfsg1/pith/osdep/rename.c Examining data/alpine-2.24+dfsg1/pith/osdep/canonicl.h Examining data/alpine-2.24+dfsg1/pith/osdep/mimedisp.h Examining data/alpine-2.24+dfsg1/pith/osdep/temp_nam.h Examining data/alpine-2.24+dfsg1/pith/osdep/coredump.c Examining data/alpine-2.24+dfsg1/pith/osdep/writ_dir.h Examining data/alpine-2.24+dfsg1/pith/osdep/fgetpos.h Examining data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c Examining data/alpine-2.24+dfsg1/pith/bldaddr.c Examining data/alpine-2.24+dfsg1/pith/user.h Examining data/alpine-2.24+dfsg1/pith/reply.h Examining data/alpine-2.24+dfsg1/pith/body.c Examining data/alpine-2.24+dfsg1/pith/body.h Examining data/alpine-2.24+dfsg1/pith/list.c Examining data/alpine-2.24+dfsg1/pith/addrstring.h Examining data/alpine-2.24+dfsg1/pith/folder.c Examining data/alpine-2.24+dfsg1/pith/readfile.h Examining data/alpine-2.24+dfsg1/pith/mimetype.h Examining data/alpine-2.24+dfsg1/pith/search.c Examining data/alpine-2.24+dfsg1/pith/status.h Examining data/alpine-2.24+dfsg1/pith/copyaddr.c Examining data/alpine-2.24+dfsg1/pith/repltype.h Examining data/alpine-2.24+dfsg1/pith/url.c Examining data/alpine-2.24+dfsg1/pith/options.h Examining data/alpine-2.24+dfsg1/pith/list.h Examining data/alpine-2.24+dfsg1/pith/mailview.h Examining 
data/alpine-2.24+dfsg1/pith/hist.c Examining data/alpine-2.24+dfsg1/pith/editorial.c Examining data/alpine-2.24+dfsg1/pith/savetype.h Examining data/alpine-2.24+dfsg1/pith/sort.c Examining data/alpine-2.24+dfsg1/pith/ablookup.h Examining data/alpine-2.24+dfsg1/pith/sorttype.h Examining data/alpine-2.24+dfsg1/pith/pattern.h Examining data/alpine-2.24+dfsg1/pith/abdlc.c Examining data/alpine-2.24+dfsg1/pith/ical.c Examining data/alpine-2.24+dfsg1/pith/news.h Examining data/alpine-2.24+dfsg1/pith/conf.h Examining data/alpine-2.24+dfsg1/pith/save.c Examining data/alpine-2.24+dfsg1/pith/send.c Examining data/alpine-2.24+dfsg1/pith/mailindx.c Examining data/alpine-2.24+dfsg1/pith/ablookup.c Examining data/alpine-2.24+dfsg1/pith/smime.h Examining data/alpine-2.24+dfsg1/pith/bldaddr.h Examining data/alpine-2.24+dfsg1/pith/ldap.c Examining data/alpine-2.24+dfsg1/pith/mimetype.c Examining data/alpine-2.24+dfsg1/pith/conftype.h Examining data/alpine-2.24+dfsg1/pith/sequence.c Examining data/alpine-2.24+dfsg1/pith/charconv/filesys.c Examining data/alpine-2.24+dfsg1/pith/charconv/filesys.h Examining data/alpine-2.24+dfsg1/pith/charconv/utf8.c Examining data/alpine-2.24+dfsg1/pith/charconv/utf8.h Examining data/alpine-2.24+dfsg1/pith/pattern.c Examining data/alpine-2.24+dfsg1/pith/flag.h Examining data/alpine-2.24+dfsg1/pith/mailcmd.c Examining data/alpine-2.24+dfsg1/pith/help.h Examining data/alpine-2.24+dfsg1/pith/takeaddr.c Examining data/alpine-2.24+dfsg1/pith/escapes.h Examining data/alpine-2.24+dfsg1/pith/filter.c Examining data/alpine-2.24+dfsg1/pith/conf.c

FINAL RESULTS:

data/alpine-2.24+dfsg1/alpine/roleconf.c:7170:3: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(ctmp->varname, "=", NOTLEN);
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:131:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (hitch,LOCKPROTECTION);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:887:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (base->lock,(int) lock_protection);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:915:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (base->lock,(int) lock_protection);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1112:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (lock,(int) lock_protection);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1191:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (path,mode); /* set the new protection, ignore failure */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:652:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:513:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1199:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (base->lock,(int) dotlock_mode);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1217:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (base->lock,(int) dotlock_mode);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1427:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (lock,shlock_mode); /* make sure mode OK (don't use fchmod()) */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1506:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (path,mode); /* set the new protection, ignore failure */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:654:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:515:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/alpine-2.24+dfsg1/openssl/include/openssl/bio.h:826:29: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  int (*gets) (BIO *, char *, int));
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:621:12: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  return(chmod(fname_to_locale(path), mode));
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:632:12: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  return(chown(fname_to_locale(path), owner, group));
data/alpine-2.24+dfsg1/alpine/addrbook.c:2650:15: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if(pab->access != NoAccess){
data/alpine-2.24+dfsg1/alpine/addrbook.c:5509:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "Nickname");
data/alpine-2.24+dfsg1/alpine/addrbook.c:5512:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "All Text");
data/alpine-2.24+dfsg1/alpine/addrbook.c:5515:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "Fullname");
data/alpine-2.24+dfsg1/alpine/addrbook.c:5518:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "addresses");
data/alpine-2.24+dfsg1/alpine/addrbook.c:5521:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "Comment");
data/alpine-2.24+dfsg1/alpine/addrbook.c:5524:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), fmt, "Fcc");
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2021:36: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  remember_access_result = pab->access;
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2385:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt,sizeof(prompt),
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2419:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt),
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2474:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt,sizeof(prompt),
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2527:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt),
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3130:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(tmp, sizeof(tmp),
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3387:32: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if(pab->type & GLOBAL && pab->access != NoAccess)
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3940:11: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if(pab->access != NoAccess)
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3946:11: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if(pab->access != NoAccess && pab->access != MaybeRorW)
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3946:38: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if(pab->access != NoAccess && pab->access != MaybeRorW)
data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6389:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), cmd, dname);
data/alpine-2.24+dfsg1/alpine/alpine.c:2262:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), mkeys[cmd].key_and_name[0] ? _(mkeys[cmd].key_and_name) : "",
data/alpine-2.24+dfsg1/alpine/alpine.c:2291:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), mkeys[cmd].key_and_name[0] ? _(mkeys[cmd].key_and_name) : "",
data/alpine-2.24+dfsg1/alpine/arg.c:232:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(options[nlines++], "%s%s \\", prefix, s+1); data/alpine-2.24+dfsg1/alpine/arg.c:245:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(options[nlines], prefix); data/alpine-2.24+dfsg1/alpine/arg.c:246:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(options[nlines], s+1); data/alpine-2.24+dfsg1/alpine/arg.c:464:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-copy_pinerc"); data/alpine-2.24+dfsg1/alpine/arg.c:486:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-copy_abook"); data/alpine-2.24+dfsg1/alpine/arg.c:518:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-url"); data/alpine-2.24+dfsg1/alpine/arg.c:537:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_attachment), "-attach"); data/alpine-2.24+dfsg1/alpine/arg.c:544:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-attach"); data/alpine-2.24+dfsg1/alpine/arg.c:571:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_attachment), "-attachList"); data/alpine-2.24+dfsg1/alpine/arg.c:578:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-attachList"); data/alpine-2.24+dfsg1/alpine/arg.c:597:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_attachment), "-attach_and_delete"); data/alpine-2.24+dfsg1/alpine/arg.c:604:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-attach_and_delete"); data/alpine-2.24+dfsg1/alpine/arg.c:745:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_flag_arg), c); data/alpine-2.24+dfsg1/alpine/arg.c:789:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_flag_arg), c); data/alpine-2.24+dfsg1/alpine/arg.c:802:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-f"); data/alpine-2.24+dfsg1/alpine/arg.c:815:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), "-F"); data/alpine-2.24+dfsg1/alpine/arg.c:903:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, data/alpine-2.24+dfsg1/alpine/arg.c:916:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, data/alpine-2.24+dfsg1/alpine/arg.c:934:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_unknown), c); data/alpine-2.24+dfsg1/alpine/arg.c:957:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_conflict), *av); data/alpine-2.24+dfsg1/alpine/arg.c:974:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_I_error), cmd_list, error); data/alpine-2.24+dfsg1/alpine/arg.c:1024:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, args_err_internal, error); data/alpine-2.24+dfsg1/alpine/arg.c:1049:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp1,"%s=%s", ps_global->vars[V_XOAUTH2_INFO].name, tmp2); data/alpine-2.24+dfsg1/alpine/arg.c:1115:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_d_error), debug_str, error); data/alpine-2.24+dfsg1/alpine/arg.c:1130:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_debug_num), *p); data/alpine-2.24+dfsg1/alpine/arg.c:1151:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_debug_num), *p); data/alpine-2.24+dfsg1/alpine/arg.c:1163:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_debug_num), *p); data/alpine-2.24+dfsg1/alpine/arg.c:1177:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_debug_num), *p); data/alpine-2.24+dfsg1/alpine/arg.c:1192:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, _(args_err_missing_debug_num), *p); data/alpine-2.24+dfsg1/alpine/folder.c:6040:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp, sizeof(tmp), context->context, folder); data/alpine-2.24+dfsg1/alpine/imap.c:377:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(tmp, "%s (%s)", oa2list->name, method); data/alpine-2.24+dfsg1/alpine/imap.c:491:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("<CENTER>Authorizing Alpine Access to %s Email Services</CENTER>"), name); data/alpine-2.24+dfsg1/alpine/imap.c:493:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("<P>Alpine is attempting to log you into your %s account, using the %s method."), name, method), data/alpine-2.24+dfsg1/alpine/imap.c:497:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, data/alpine-2.24+dfsg1/alpine/imap.c:507:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _(" When you open this link, you will be sent to %s's servers to complete this process."), name); data/alpine-2.24+dfsg1/alpine/imap.c:668:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("<CENTER>Authorizing Alpine Access to %s Email Services</CENTER>"), oauth2->name); data/alpine-2.24+dfsg1/alpine/imap.c:670:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("<P>Alpine is attempting to log you into your %s account, using the %s method."), oauth2->name, method), data/alpine-2.24+dfsg1/alpine/imap.c:691:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp_20k_buf, _("<A HREF=\"%s\">%s</A>"), url, url); data/alpine-2.24+dfsg1/alpine/imap.c:695:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(tmp, _(" When you open this link, you will be sent to %s's servers to complete this process."), oauth2->name); data/alpine-2.24+dfsg1/alpine/imap.c:820:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prompt, "%s: ", accesscodelabel); data/alpine-2.24+dfsg1/alpine/imap.c:962:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prompt, "%s: %s - %s: ", hostlabel, mb->orighost, userlabel); data/alpine-2.24+dfsg1/alpine/imap.c:1204:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(token, "%s%c%s%c%lu", data/alpine-2.24+dfsg1/alpine/imap.c:2327:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("csh"); data/alpine-2.24+dfsg1/alpine/imap.c:3017:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prompt, "%s: ", accesscodelabel); data/alpine-2.24+dfsg1/alpine/imap.c:3700:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(blob, "%s%c%d", authtype, PWDAUTHSEP, l->altflag); data/alpine-2.24+dfsg1/alpine/imap.c:3750:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(blob, "%s%c%d", authtype, PWDAUTHSEP, l->altflag); data/alpine-2.24+dfsg1/alpine/imap.c:3833:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(blob, "%s%c%d", authtype, PWDAUTHSEP, l->altflag); data/alpine-2.24+dfsg1/alpine/init.c:90:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, init_md_exists, ps->folders_dir); data/alpine-2.24+dfsg1/alpine/init.c:95:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, init_md_file, ps->folders_dir); data/alpine-2.24+dfsg1/alpine/init.c:100:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, init_md_create, ps->folders_dir); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4947:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(prompt_buf, sizeof(prompt_buf), data/alpine-2.24+dfsg1/alpine/mailcmd.c:4972:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(prompt_buf, sizeof(prompt_buf), data/alpine-2.24+dfsg1/alpine/mailpart.c:2132:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_path, "file://%s", filename); data/alpine-2.24+dfsg1/alpine/osdep/chnge_pw.c:59:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd_buf); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:293:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. vfprintf(debugfile, fmt, args); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:320:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(b, sizeof(b), fmt, args); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:331:13: [4] (shell) WinExec: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return((WinExec(cmd, SW_SHOWMINNOACTIVE) < 32) ? 1 : 0); data/alpine-2.24+dfsg1/alpine/osdep/print.c:525:34: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. if(!ps_global->print->err && snprintf(buf, sizeof(buf), line, a1) < 0) data/alpine-2.24+dfsg1/alpine/osdep/termin.unx.c:728:15: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. if((pw = getpass(prompt)) != NULL){ data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:335:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(buffer, sizeof(buffer), line, arg1); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:356:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, sizeof(buffer), line, arg1, arg2); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:377:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, sizeof(buffer), line, arg1, arg2, arg3); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:399:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, sizeof(buffer), line, arg1, arg2, arg3, arg4); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:422:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, sizeof(buffer), line, arg1, arg2, arg3, arg4, arg5); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:977:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tcbuf, sizeof(tcbuf), TEXT("Host: %.100s%s"), host_lptstr, data/alpine-2.24+dfsg1/alpine/pine-use.c:105:12: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(filename, 0) == 0) data/alpine-2.24+dfsg1/alpine/pine-use.c:167:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), MAILSPOOLPCTS, user); data/alpine-2.24+dfsg1/alpine/reply.c:2112:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != NoExists){ data/alpine-2.24+dfsg1/alpine/reply.c:2143:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != ReadWrite || rd_remote_is_readonly(rd)){ data/alpine-2.24+dfsg1/alpine/roleconf.c:8056:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, buflen, fmt, q); data/alpine-2.24+dfsg1/alpine/rpdump.c:85:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(stderr, ustr, argv[0]); data/alpine-2.24+dfsg1/alpine/rpdump.c:100:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ustr, argv[0]); data/alpine-2.24+dfsg1/alpine/rpdump.c:152:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(local, WRITE_ACCESS) == 0){ data/alpine-2.24+dfsg1/alpine/rpdump.c:751:15: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. if((pw = getpass(prompt)) != NULL){ data/alpine-2.24+dfsg1/alpine/rpload.c:89:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ustr, argv[0]); data/alpine-2.24+dfsg1/alpine/rpload.c:112:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ustr, argv[0]); data/alpine-2.24+dfsg1/alpine/rpload.c:128:8: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(local, ACCESS_EXISTS) != 0){ data/alpine-2.24+dfsg1/alpine/rpload.c:133:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(local, READ_ACCESS) != 0){ data/alpine-2.24+dfsg1/alpine/rpload.c:989:15: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. if((pw = getpass(prompt)) != NULL){ data/alpine-2.24+dfsg1/alpine/signal.c:825:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(shell); data/alpine-2.24+dfsg1/alpine/smime.c:1627:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp, sizeof(tmp), u, data/alpine-2.24+dfsg1/alpine/smime.c:1665:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("List of %s certificates"), ctype == Public ? _("public") data/alpine-2.24+dfsg1/alpine/smime.c:1728:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp, sizeof(tmp), u, data/alpine-2.24+dfsg1/alpine/takeaddr.c:922:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(pab->access != ReadWrite){ data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:103:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rv, list[i]); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:140:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rv, "%s\"%s\" %s\"%s\"", XNAME, x->name, XID, x->client_id); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:142:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rv + strlen(rv), " %s\"%s\"", XSECRET, x->client_secret); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:144:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(rv + strlen(rv), " %s\"%s\"", XTENANT, x->tenant); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:145:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rv + strlen(rv), " %s\"%s\"", XUSER, x->users ? x->users : ""); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:147:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rv + strlen(rv), " %s\"%s\"", XFLOW, x->flow ? x->flow : ""); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:189:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, _("Alpine cannot determine which client-id to use for the username <%s> for your %s account. "), user, xinfo[0]->name); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:193:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s + strlen(s), "%s", "\n\n"); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:237:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("Alpine cannot determine which client-id to use for the username <%s>"), user); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:242:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, _("for your %s account. Please select the client-id to use from the following list.\n\n"), xinfo[0]->name); data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:361:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->users, user); data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:125:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  sprintf(response, "%s%s,\001%s%s\001%s%s\001%s%s\001\001", BEARER_ACCOUNT, user,
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ext.c:66:35: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ((*responder) (stream,base,strcpy (user,mb->user),strlen(mb->user))) {
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:56:25: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  #define SERVER_LOG(x,y) syslog (LOG_ALERT,x,y)
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:69:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:149:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s@%s",service,mb->host);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:212:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp+4,strcpy (user,mb->user[0] ? mb->user : myusername ()));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:212:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp+4,strcpy (user,mb->user[0] ? mb->user : myusername ()));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:226:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unknown gss_wrap failure: %s",(char *) resp.value);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:235:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"GSSAPI mechanism status: %s",(char *) resp.value);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:256:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Kerberos credentials expired (try running kinit) for %s",
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:276:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,kerberos_try_kinit (smn) ?
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:291:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unknown GSSAPI failure: %s",(char *) resp.value);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:300:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"GSSAPI mechanism status: %s",(char *) resp.value);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:336:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:158:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (chal,"<%lu.%lu@%s>",(unsigned long) getpid (),
data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c:145:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(response, "%s%s\001%s%s\001\001", OAUTH2_USER, user, OAUTH2_BEARER, oauth2.access_token);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:770:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "%s %s %s", method, target, version);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:787:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((*reqp)->header + hlen, "%s: %s\015\012", name, value);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:800:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*bufp, text);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:915:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mb->host, mb->orighost);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:521:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:522:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (mbx,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:592:22: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:593:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (mbx,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:789:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strchr (strcpy (tmp,stream->mailbox),'}') + 1,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:789:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strchr (strcpy (tmp,stream->mailbox),'}') + 1,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:839:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Reusing connection to %s",net_host (LOCAL->netstream));
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:840:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1002:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"{%s",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1022:24: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1043:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,mb.mailbox);/* mailbox name */
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1134:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s AUTHENTICATE ANONYMOUS",tag);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1191:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying using %s authentication after %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1200:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1207:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s AUTHENTICATE %s",tag,at->name);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1676:22: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (imap_extrahdrs) sprintf (tmp + strlen (tmp)," %s %s %s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1679:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp + strlen (tmp)," %s %s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1685:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,LEVELIMAP4 (stream) ? " BODYSTRUCTURE" : " BODY");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1911:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"[NOTIMAP4REV1] IMAP%s server can't do extended body fetch",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1917:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"[NOTIMAP4REV1] IMAP%s server can't do partial fetch",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1922:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp,"[NOTIMAP4REV1] IMAP%s server can't do selective header fetch",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1934:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,nopeek ? /* only babble if \Seen not set */
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3018:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p, " \"%s\" \"%s\"", list->name, list->value);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3117:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (CMDBASE,"%s %s",tag,cmd);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3425:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (u, (X), (Y)); \
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3918:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (*s," %s %d-%s-%d",name,date & 0x1f,
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3961:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = (char *) fs_get ((i = strlen (string) + 2) + 1),
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4420:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strncpy (LOCAL->tmp,stream->mailbox,i) + i,t);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4464:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = LOCAL->tmp,"%s%s",LOCAL->prefix,(char *) t);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4670:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t = LOCAL->tmp,"%s%s",LOCAL->prefix,(char *) reply->text);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5136:6: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (LOCAL->tmp,/* yes, must be bad syntax */
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6104:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*s) strcpy (rs,s); /* write remainder of sequence */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:730:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't %s with such a name",purpose);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:748:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't %s %.80s: %s",purpose,mailbox,(*mailbox == '{') ?
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:768:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (host) strcpy (host,mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:769:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (mailbox) strcpy (mailbox,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:812:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mb->mailbox,t+1); /* set mailbox name */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:850:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  lcase (strcpy (mb->service,v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:852:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mb->user,v);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:854:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  !*mb->authuser) strcpy (mb->authuser,v);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:856:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  !*mb->auth) strcpy (mb->auth,v);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:900:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  lcase (strcpy (mb->service,s));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:918:22: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!*mb->service) strcpy (mb->service,service);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1073:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't create %.80s: %s",mailbox,(*mailbox == '{') ?
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1085:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't create %s: %.80s",s,mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1165:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename to %s: %.80s",s,newname);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1843:32: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (section && *section) sprintf (tmp,"%s.HEADER",section);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1923:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s.TEXT",section);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1984:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s.MIME",section);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2037:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!strcmp (s = strcpy (tmp,section),"0") ||
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2120:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s.TEXT",section);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2543:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += strlen (s)) sprintf (s," %s",f);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2565:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to move message %lu from %s mailbox",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2690:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't append %.80s: %s",mailbox,(*mailbox == '{') ?
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2695:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (!strncmp (lcase (strcpy (tmp,mailbox)),"#driver.",8)) {
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2872:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (string,"%2d-%s-%d %02d:%02d:%02d %c%02d%02d",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2899:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (string,fmt,days[(int) (d + 2 + ((7 + 31 * m) / 12)
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2962:64: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s && *s && (strlen (s) < (size_t)MAILTMPLEN)) s = ucase (strcpy (tmp,s));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3833:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sect,"%s%lu",prefix ? prefix : "",section++);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4047:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Search botch, mbx = %.80s, %s = %lu[%.80s]",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5050:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s.%lx.%lx@%s",stream->mailbox,stream->uid_validity,
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5281:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ret = (char *) fs_get (strlen (adr->mailbox) +
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:74:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return string ? strcpy ((char *) fs_get (1 + strlen (string)),string) : NIL;
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:53:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,fmt,text);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:164:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*(lcl = strcpy (name,pattern)) == '{') lcl = strchr (lcl,'}') + 1;
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:350:24: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:350:32: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:243:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (mb.mailbox[0] != '#') strcpy (mbx,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:247:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (mb.mailbox[5] == '.')) strcpy (mbx,mb.mailbox+6);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:355:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*(lcl = strchr (strcpy (name,pattern),'}') + 1) == '#') lcl += 6;
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:364:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lcl,s); /* make full form of name */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:398:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:399:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (mbx,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:421:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pattern,ref); /* copy reference to pattern */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:423:22: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*pat == '#') strcpy (strchr (pattern,'}') + 1,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:426:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pattern,pat + 1); /* append, omitting one of the period */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:427:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  else strcat (pattern,pat); /* anything else is just appended */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:429:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (pattern,pat); /* just have basic name */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:522:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Invalid NNTP name %s",mbx);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:664:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Reusing connection to %s",net_host (nstream->netstream));
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:689:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  hostlist[0] = strcpy (tmp,mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:703:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=\"%s\"",mb.user);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:749:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,newsrc);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:752:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  lcase (strcpy (s,(long) mail_parameters (NIL,GET_NEWSRCCANONHOST,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:762:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"{%s:%lu/nntp",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:777:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",LOCAL->user);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:779:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp + strlen (tmp),"}#news.%s",mbx);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:826:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Newsgroup %s is empty",mbx);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1939:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (path,"Path: %s!%s\015\012",net_localhost (stream->netstream),
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2003:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (args) sprintf (s,"%s %s",command,args);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2004:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (s,command);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2058:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying using %s authentication after %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2067:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2073:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "AUTHINFO SASL %s", at->name); /* create base string */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2230:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (stream->reply,"%ld %s",NNTPSOFTFATAL,text);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:88:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rv, u);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:90:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rv, tenant);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:248:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strchr (strcpy (tmp,ref),'}')+1,"INBOX");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:253:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strchr (strcpy (tmp,pat),'}')+1,"INBOX");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:275:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:276:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (mbx,pat);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:435:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp + strlen (tmp),"/user=\"%s\"}%s",usr,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:635:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (pwd,"Retrying %s authentication after %.80s",at->name,t);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:640:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pwd, "AUTH %s", at->name);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1084:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (args) sprintf (s,"%s %s",command,args);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1085:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (s,command);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:814:4: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,s,string);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1023:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (adl + adllen - 1,",@%s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1026:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (adl = (char *) fs_get (i),"@%s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1100:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1178:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:250:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%sSMTP authentication not available: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:301:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying using %s authentication after %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:310:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:315:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "AUTH %s", at->name);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:454:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (smtpserver,"{%.200s/smtp%s}<none>",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:480:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp + strlen (tmp),"@%s",env->return_path->host);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:495:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,ESMTP.dsn.full ? " RET=FULL" : " RET=HDRS");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:600:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp + strlen (tmp),"@%s>",adr->host);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:653:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (args) sprintf (s,"%s %s",command,args);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:654:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (s,command);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:707:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"EHLO %s",host); /* build the complete command */
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:799:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (stream->reply,"%ld %s",code,text);
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:265:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (path,sysinbox ());/* use system INBOX */
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:273:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (path,sysinbox ()); /* use system INBOX for unix and MMDF */
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:340:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:391:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s appending to %.80s (%s %.80s)",
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:427:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (lstat (path,sbuf)) strcat (tmp,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:426:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,response,t ? (char *) cmdbuf : "*");
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:576:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg,"%s %s",cmd,s);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:678:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (u,v);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1508:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,response,lstref ? "*" : tag);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1515:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,response,tag);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1525:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,response,tag);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1560:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,response,tag,cmd,lasterror ());
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3012:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"BODY[%s.MIME]",ta->section);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3042:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"BODY[%s]",ta->section ? ta->section : "");
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3122:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"BINARY.SIZE[%s] %lu",ta->section ? ta->section : "",
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3131:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"BINARY[%s]<%lu> ",
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3133:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp,"BINARY[%s] ",ta->section ? ta->section : "");
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3147:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"BINARY[%s] NIL",ta->section ? ta->section : "");
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3213:38: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ta->section && *ta->section) sprintf (tmp,"BODY[%s.TEXT]",ta->section);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4011:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s,"#public/%s",(*name == '/') ? name+1 : name);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4058:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pattern,ref); /* copy reference to pattern */
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4060:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*pat == '#') strcpy (pattern,pat);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4063:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pattern,pat + 1); /* append, omitting one of the period */
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4064:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  else strcat (pattern,pat); /* anything else is just appended */
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4066:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (pattern,pat); /* just have basic name */
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4204:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s,t);
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:350:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp+i,t); /* append mailbox to initial spec */
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:398:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (elt) sprintf (status,"Status: %s%s\015\012",
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:383:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,STATUS,elt->seen ? "R" : " ",
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:451:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,STATUS,elt->seen ? "R" : " ",
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:268:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (usage2,pgm,usgchk,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:277:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (usage2,pgm,usgcre,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:285:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (usage2,pgm,usgdel,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:293:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (usage2,pgm,usgren,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:301:32: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (!src || !dst || merge) printf (usage3,pgm,cmd,usgcpymov,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:312:32: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (!src || !dst || merge) printf (usage3,pgm,cmd,usgappdel,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:325:38: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  !(criteria = prune_criteria (dst))) printf (usage2,pgm,usgprn,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:365:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (!src || !dst) printf (usage2,pgm,usgxfr,stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:375:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (dest) strcpy (strchr (strcpy (tmp,dest->mailbox),'}') + 1,
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:375:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (dest) strcpy (strchr (strcpy (tmp,dest->mailbox),'}') + 1,
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:387:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (source) strcpy (strchr (strcpy (tmp,source->mailbox),'}') + 1,
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:387:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (source) strcpy (strchr (strcpy (tmp,source->mailbox),'}') + 1,
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:389:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (tmp,src);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:426:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (usage2,pgm,"command [switches] arguments",stdsw);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:486:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "%s%lu", *len == 0L ? "" : ",", i);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:488:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "%s%lu:*", *len == 0L ? "" : ",", i);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:490:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "%s%lu:%lu", *len == 0L ? "" : ",", i, j);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:500:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*sequence + strlen(*sequence), tmp);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:757:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:783:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s,tail); /* terminate flags list */
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:872:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t,t1); /* copy the user flag */
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1041:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1042:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1043:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username,mb->user));
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1044:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1053:18: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers.
  (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space.
  if(strlen (s = getpass (s)) < MAILTMPLEN) *password = cpystr(s);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1062:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1063:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1064:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username,mb->user));
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:110:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lock,"%s.lock",file);
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:124:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (hitch,"%s.%lu.%lu.",lock,(unsigned long) time (0),
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:105:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,pwd->pw_gecos);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:108:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (personalname,tmp);/* make a permanent copy of it */
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:397:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t = tmp+400,"%s@%s",adr->mailbox,adr->host);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:404:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,stream->user_flags[find_rightmost_bit (&i)]);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:442:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,stream->user_flags[find_rightmost_bit (&i)]);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:466:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (pfx) sprintf (tmp,"%s%ld.",pfx,++i);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:473:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s," %s%ld %s",pfx,++i,body_types[body->type]);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:474:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (body->subtype) sprintf (s += strlen (s),"/%s",body->subtype);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:475:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (body->description) sprintf (s += strlen (s)," (%s)",body->description);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:477:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),";%s=%s",par->attribute,par->value);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:479:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (body->id) sprintf (s += strlen (s),", id = %s",body->id);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:495:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s%ld.",pfx,i);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:713:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (curhst,mb->host);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:714:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:715:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:715:55: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:716:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:727:25: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2.
  What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space.
  if(pwd) *pwd = cpystr(getpass (s));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:810:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (text,line);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:817:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (msg->date,line);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/ckp_std.c:40:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ?
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:172:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (file,test); /* use just that name then */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:222:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  pmatch ("INBOX",ucase (strcpy (tmp,test))))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:299:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (dir) sprintf (tmp,"%s%s",dir,d->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:300:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (tmp,d->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:302:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ((pmatch_full (strcpy (path,tmp),pat,'/') ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:306:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (path+len-1,d->d_name) && !stat (path,&sbuf)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:311:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (path,"%s/",tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:757:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return (s && !*s) ?
  strcpy (dst,sysinbox ()) : s;
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:778:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:786:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,pat); /* yes, ignore */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:791:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!ref) strcpy (tmp,pat); /* just copy if no namespace */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:794:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:794:40: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:796:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp,"%s%s",ref,pat);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:329:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,prefix,days[t->tm_wday]);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:333:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:621:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s/INBOX",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:638:44: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:665:24: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:723:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s/%s",home,mailsubdir);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:740:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:759:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,dir); /* write directory prefix */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:764:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,name); /* write name in directory */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:770:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (dst,mymailboxdir ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:794:31: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:810:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dst,"%s/%s",s,compare_cstring (name,"INBOX") ? name : "INBOX");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:818:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (dst,name); /* unrestricted, copy root name */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:824:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:840:23: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:841:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (dst,"%s/%s",pw->pw_dir,name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:849:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (anonymous) sprintf (dst,"%s/INBOX",mymailboxdir ()); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:855:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s/%s",mymailboxdir (),name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:877:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (base->lock,"%s.lock",file); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:947:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. _exit (execv (argv[0],argv)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:975:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmp, /* generate default message */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:987:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1062:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lock,"%s/.%lx.%lx","/tmp", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.h:41:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONFILE(t) sprintf (t,"%s/.mailboxlist",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.h:42:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/.mlbxlsttmp",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:397:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:408:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"%s\015\012",t); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:411:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:452:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:460:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:491:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:498:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:574:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:963:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1058:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1198:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1304:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1510:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1515:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1552:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1594:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1599:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:245:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",myhomedir (),MHPROFILE); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:261:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (s = tmp,"%s/%s",myhomedir (),v); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:270:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",myhomedir (),MHPATH); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:364:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (file,test+4);/* use just that name then */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:422:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (dir) sprintf (name,"#mh/%s/",dir); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:431:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (cp,d->d_name); /* make directory name */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:433:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (np,d->d_name);/* make mh name of directory name */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:488:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:517:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp + i,d->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:524:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:563:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:662:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:878:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",LOCAL->dir,names[i]->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:899:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,++old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:987:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:989:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1045:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1158:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1169:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1250:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pattern,ref); /* copy reference to pattern */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1252:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*pat == '#') strcpy (pattern,pat); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1255:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (pattern,pat + 1); /* append, omitting one of the period */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1256:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat (pattern,pat); /* anything else is just appended */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1258:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (pattern,pat); /* just have basic name */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:325:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:417:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SEQFMT,now); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:418:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,MTAFMT,now,(unsigned long) 0,now); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:430:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,MIXINDEX); /* create index */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:435:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,MIXSTATUS); /* create status */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:472:26: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else if (unlink (tmp)) sprintf (tmp,"Can't delete mailbox %.80s index: %80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:482:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,d->d_name); /* make path */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:557:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (src = (char *) fs_get (srcl + len + 2),"%s/%s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:559:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst = (char *) fs_get (dstl + len + 1),"%s%s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:753:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error reading mix message header, uid=%lx, s=%.0lx, h=%s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1232:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,staterr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1243:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1257:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (LOCAL->buf,staterr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1311:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1397:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (local->buf,MSRFMT,MSGTOK,(unsigned long) 0,0,0,0,0,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1439:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (strcat (tmp," "),t); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1555:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (local->buf,MSRFMT,MSGTOK,(unsigned long) 0,0,0,0,0,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1669:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,MSRFMT,MSGTOK,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1956:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,shortmsg,plt->msgno,plt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1991:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,shortmsg,elt->msgno,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2019:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Error in %s in mix index file: %.500s",msg,s); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2120:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (msg,"Error in mix status file message record%s: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2204:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,SEQFMT,LOCAL->metaseq = mix_modseq (LOCAL->metaseq)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2205:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2251:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,IXRFMT,(unsigned long) 0,14,4,4,13,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2257:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,SEQFMT,LOCAL->indexseq); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2282:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (idxf,SEQFMT,LOCAL->indexseq); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2287:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (idxf,IXRFMT,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2334:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,STRFMT,(unsigned long) 0,(unsigned long) 0,0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2338:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (tmp,SEQFMT,LOCAL->statusseq); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2363:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (statf,SEQFMT,LOCAL->statusseq); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2370:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (statf,STRFMT,elt->private.uid,elt->user_flags, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2661:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error in %s in mix sortcache record: %.500s",msg,t); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2695:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SEQFMT,LOCAL->sortcacheseq = mix_modseq(LOCAL->sortcacheseq)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2705:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SCRFMT,elt->private.uid,s->date, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2760:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Empty mix %s record",type); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2764:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Oversize mix %s record: %.512s",type,buf); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2769:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Truncated mix %s record: %.512s",type,buf); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:480:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:486:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%sFrom %s %sDate: ",mmdfhdr,pseudo_from,ctime (&ti)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:488:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s += strlen (s), /* write the pseudo-header */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:493:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:494:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:497:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:541:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:553:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:572:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:577:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:667:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:926:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1082:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1117:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1276:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1286:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (buf,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1591:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1692:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal date: %s",(char *) date); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1913:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"Discarding bogus %s header in message %lu", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2131:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (hdr,"%sFrom %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2138:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2139:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2401:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2434:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2544:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:290:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:298:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:328:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:335:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:708:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:896:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:924:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1009:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1056:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1124:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1133:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1142:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header at %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1171:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1266:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:46:22: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
#define MXINDEX(d,s) strcat (mx_file (d,s),MXINDEXNAME) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:280:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:361:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:391:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s index: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:399:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,d->d_name); /* make path */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:405:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete name %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:474:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:497:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s,"%s/%s",src,name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:498:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (d,"%s%s",dst,name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:591:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:767:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,++old);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:855:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:857:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:951:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (strcat (tmp," "),t);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1072:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s/%lu",stream->mailbox,++stream->uid_last);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1075:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't create append message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1083:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1168:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  (LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1168:34: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1249:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:236:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name + 6,t); /* make full form of name */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:274:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pattern,ref); /* copy reference to pattern */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:276:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (*pat == '#') strcpy (pattern,pat);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:279:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pattern,pat + 1); /* append, omitting one of the period */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:280:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  else strcat (pattern,pat); /* anything else is just appended */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:282:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (pattern,pat); /* just have basic name */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:366:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"%s/%s",(char *) mail_parameters (NIL,GET_NEWSSPOOL,NIL),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:392:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Newsgroup %s is empty",LOCAL->name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:495:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:269:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to open file %s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:300:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s, %d %s %d %02d:%02d:%02d %c%02d%02d",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:309:36: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pw = getpwuid (sbuf.st_uid)) strcpy (tmp,pw->pw_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:529:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't copy - file \"%s\" is not in valid mailbox format",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/scandir.c:55:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (p->d_name,d->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:124:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostname,host+1); /* yes, copy number part */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:130:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostname,host); /* hostname is user's argument */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:145:38: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!(he = gethostbyname (lcase (strcpy (hostname,host)))))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:154:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostname,he->h_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:206:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:210:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:237:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't connect to %.80s,%lu: %s",hst,port,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:266:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Connection failed to %.80s,%lu: %s",hst,port,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:729:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ret = (he = gethostbyname (lcase (strcpy (host,name)))) ?
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:753:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Reverse DNS resolution %s",adr);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:764:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:297:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:305:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:335:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:342:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:417:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:797:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:986:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1014:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1099:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1153:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1236:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1245:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1254:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1283:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1378:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:340:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:346:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"From %s %sDate: ",pseudo_from,ctime (&ti));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:349:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:354:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s)," %s",default_user_flag (i));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:355:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:358:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:402:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:414:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:433:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:438:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:528:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:787:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:947:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:981:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1140:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1150:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1462:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1550:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1749:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (err,"Discarding bogus %s header in message %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1968:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (hdr,"From %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1975:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1976:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2255:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2288:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2398:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2604:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Mail drop %s is not in standard Unix format",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2618:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"New mail move failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2625:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Mail drop %s lock failure, old=%lu now=%lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2643:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Moved %lu bytes of new mail to %s from %s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:88:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(&x[start],"%3c, %d %s %d %s %s", \
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:90:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(realtime,"%s %s %2d %s %d %s", \
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:119:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(&x[start],"%3c, %d %3c %d %s",weekday, \
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:121:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(realtime,"%s %s %2d %s %d",weekday,month,day,time,\
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:345:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:514:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Not a Bezerk-format mailbox: %s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:524:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to open copy mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:541:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:650:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:663:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:740:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Invalid mailbox name: %s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:170:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (file,test); /* use just that name then */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:237:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't subscribe %s: not a mailbox",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:258:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (base) sprintf (tmpx,"%s\\",base);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:260:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (dir) strcat (tmpx,dir);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:264:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*." : "\\*.");
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:265:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,file_extension ? file_extension : "*");
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:273:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (base) sprintf (tmpx,"%s\\",base);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:275:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (dir) sprintf (tmpx + strlen (tmpx),"%s%s",dir,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:276:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  else strcat (tmpx,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:281:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:282:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (tmp,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:399:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't create mailbox node %s: %s",path,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:420:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't delete mailbox %s: %s",mailbox,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:453:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %s to %s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:477:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s: %s",strerror (errno),stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:482:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (sbuf.st_size) sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:607:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s: %s",strerror (e),mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:617:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Indeterminate mailbox format: %s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:630:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Invalid mailbox name: %s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:666:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:678:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:89:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s\\NEWSRC",myhomedir ());
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:134:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,prefix,days[t->tm_wday]);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:138:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:200:44: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ((*name == '\\') || (name[1] == ':')) strcpy (dst,name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:201:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (dst,"%s\\%s",myhomedir (),name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:202:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:259:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Mailbox %s, %s %lu[%.80s], %lu octets truncated to %ld",
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:287:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  void syslog (int priority,const char *message,...)
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.h:28:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONFILE(t) sprintf (t,"%s/MAILBOX.LST",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.h:29:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/MAILBOX.TMP",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.h:66:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  void syslog (int priority,const char *message,...);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:297:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:537:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Not a MTX-format mailbox: %s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:545:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to open copy mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:562:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:635:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:677:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:699:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Invalid mailbox name: %s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:732:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to read internal header at %ld, size = %ld: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:740:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to find end of line at %ld in %ld bytes, text: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:749:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header at %ld: %s",curpos,
data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:773:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnf.c:70:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"[%s]",inet_ntoa (myip));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnf.c:89:46: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host)));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnv.c:69:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (s = tmp,"[%s]",inet_ntoa (in));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:71:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s = tmp,"[%s]",inet_ntoa (in));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:96:46: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host)));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dwa.c:67:30: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (myip = gethostid ()) sprintf (s = tmp,"[%s]",inet_ntoa (hname,myip));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:81:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,host+1); /* yes, copy number part */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:91:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Host not found: %s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:131:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",host,port,s,errno);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:78:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Host not found: %s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,host+1); /* yes, copy number part */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:139:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostname,host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:152:38: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!(he = gethostbyname (lcase (strcpy (tmp,host)))))
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:153:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError(),host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:160:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostname,he->h_name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:204:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:232:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",hst,port,s,
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:731:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ret = (he = gethostbyname (lcase (strcpy (host,name)))) ? he->h_name : name;
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:753:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Reverse DNS resolution %s",adr);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:764:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/dummymac.c:206:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/dummymac.c:292:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't append to %s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:65:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s:News State",myhomedir ());
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:223:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  void syslog (int priority,const char *message,...)
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.h:30:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONFILE(t) sprintf (t,"%s:Mailbox List",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.h:31:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s:Mailbox List Temp",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.h:58:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  void syslog (int priority,const char *message,...);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:166:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (s) sprintf (tmp,"%s: %.80s",s,host);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:168:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (file,test); /* use just that name then */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:260:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:272:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:273:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (tmp,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:280:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:281:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (tmp,f.name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:329:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*") &&
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:668:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return (s && !*s) ? strcpy (dst,sysinbox ()) : s;
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:702:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:714:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:103:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s\\NEWSRC",myhomedir ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:192:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,prefix,days[t->tm_wday]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:196:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:398:9: [4] (access) ImpersonateLoggedOnUser: If this call fails, the program could fail to drop heightened privileges (CWE-250). Make sure the return value is checked, and do not continue if a failure is reported.
  ImpersonateLoggedOnUser (hdl)) return env_init (user,NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:489:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (!check_nt ()) sprintf (tmp,"%s\\My Documents",defaultDrive ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:508:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp,"%s\\users\\default",defaultDrive ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:545:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (path = pth,"%s%s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:548:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (path = pth,"%s\\My Documents",defaultDrive ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:600:22: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  if (check_nt ()) sprintf (tmp,MAILFILE,myUserName);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:601:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (tmp,"%s\\INBOX",myhomedir ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:621:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,dir); /* write directory prefix */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:626:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (tmp,name); /* write name in directory */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:631:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy (dst,myhomedir());/* no arguments, wants home directory */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:668:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dst,"%s\\%s",dir,name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:676:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dst,"%s%s",homedev,name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:680:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (name[2] == '\\') strcpy (dst,name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:681:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (dst,"%c:\\%s",name[0],name+2);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:684:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (dst,"%s\\%s",dir,name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.h:33:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\MAILBOX.LST",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.h:34:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\MAILBOX.TMP",myhomedir ())
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip4_nt.c:170:30: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (he = gethostbyname (lcase (strcpy (tmp,name))))) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:130:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (!getaddrinfo (lcase (strcpy (tmp,text)),NIL,&hints,&ai))) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:248:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (!getaddrinfo (lcase (strcpy (tmp,name)),NIL,&hints,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:388:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:397:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),"%s\015\012",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:401:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't initialize mailbox node %.80s: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:441:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:449:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:485:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:495:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:526:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:895:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:934:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1076:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1161:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1367:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1372:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1407:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1448:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1453:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:301:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:309:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:345:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:796:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:883:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:930:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:983:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:992:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1001:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1030:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1125:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:20:9: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  #define crypt ssl_private_crypt
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:35:8: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  #undef crypt
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:933:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s\\%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:935:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"%s\\%s.pem",SSL_CERT_DIRECTORY,server);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:963:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cert,"%s\\%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:964:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (key,"%s\\%s-%s.pem",SSL_KEY_DIRECTORY,server,tcp_serveraddr ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:966:26: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (stat (cert,&sbuf)) sprintf (cert,"%s\\%s.pem",SSL_CERT_DIRECTORY,server);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:968:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (key,"%s\\%s.pem",SSL_KEY_DIRECTORY,server);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:970:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (stat (key,&sbuf)) strcpy (key,cert);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:144:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmp,host+1); /* yes, copy number part */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:163:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError (),host);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:222:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Trying IP address [%s]",ip_sockaddrtostring (sadr,buf));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:886:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Reverse DNS resolution %s",adr);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:893:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:309:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:317:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:353:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:867:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:954:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1007:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1074:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1083:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1092:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1121:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1217:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:308:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:314:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"From %s %s",pseudo_from,ctime (&ti));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:318:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (s += strlen (s), /* write the pseudo-header */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:327:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:368:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (tmp,newname ?
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:383:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:407:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:412:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:474:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ((LOCAL->ld >= 0) && access (stream->mailbox,02) && (errno == EACCES)) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:715:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:868:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:907:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1068:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1078:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf,"Message append failed: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1308:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lock,"%s.lock",file);/* build lock filename */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1315:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Error creating %.80s: %s",lock,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1415:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1502:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1701:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (err,"Discarding bogus %s header in message %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1905:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (hdr,"From %s %.24s\r\nDate: %s\r\nFrom: %s <%s@%.80s>\r\nSubject: %s\r\nMessage-ID: <%lu@%.80s>\r\nX-IMAP: %010ld %010ld", data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1912:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (t += strlen (t)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2183:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2293:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:100:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:120:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf (tmp,message,args); /* build message */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:141:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,(logopt & LOG_PID) ? "%s[%d]" : "%s",ident,getpid ()); data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:342:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. 
If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt) data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.h:80:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...); data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.h:86:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:175:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (file,test); /* use just that name then */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:267:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*"); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:279:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
if (dir) sprintf (tmp,"%s%s",dir,f.name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:280:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (tmp,f.name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:287:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (dir) sprintf (tmp,"%s%s",dir,f.name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:288:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (tmp,f.name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:659:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (s && !*s) ? strcpy (dst,sysinbox ()) : s; data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:693:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mailboxfile (tmp,pat)) strcpy (tmp,pat); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:705:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:69:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s\\newsrc",myhomedir ()); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:109:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (date,prefix,days[t->tm_wday]); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:113:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900, data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:193:44: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if ((*name == '\\') || (name[1] == ':')) strcpy (dst,name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:194:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (dst,"%s\\%s",myhomedir (),name); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:195:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (ext) sprintf (dst + strlen (dst),".%s",ext); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:305:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.h:57:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:387:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:396:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (s += strlen (s),"%s\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:400:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:440:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:448:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:484:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:494:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:525:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:894:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:933:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1075:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1160:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1366:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1371:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1406:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1447:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1452:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:300:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:308:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:344:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:795:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:882:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:929:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:982:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:991:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1000:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header at %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1029:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1124:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:85:46: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host))); data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:98:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:81:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp,host+1); /* yes, copy number part */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:91:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Host not found: %s",host); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:131:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",host,port,s,errno); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:308:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:316:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:352:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:866:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:953:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1006:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1073:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1082:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1091:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header at %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1120:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1216:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:307:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:313:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"From %s %s",pseudo_from,ctime (&ti)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:317:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s += strlen (s), /* write the pseudo-header */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:326:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx, data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:367:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:382:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:406:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:411:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:473:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((LOCAL->ld >= 0) && access (stream->mailbox,02) && (errno == EACCES)) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:714:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:867:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:906:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1067:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1077:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1307:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (lock,"%s.lock",file);/* build lock filename */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1314:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error creating %.80s: %s",lock,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1414:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1501:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal date: %s",(char *) date); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1700:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"Discarding bogus %s header in message %lu", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1904:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (hdr,"From %s %.24s\r\nDate: %s\r\nFrom: %s <%s@%.80s>\r\nSubject: %s\r\nMessage-ID: <%lu@%.80s>\r\nX-IMAP: %010ld %010ld", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1911:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (t += strlen (t)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2182:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2292:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno)); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/dummyt20.c:205:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Not a mailbox: %s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/dummyt20.c:291:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't append to %s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.c:159:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%sNEWSRC",myhomedir ()); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.c:213:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.h:38:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\SUBSCRIPTIONS.TXT",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.h:39:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\SUBSCRIPTIONS.TMP",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.h:73:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/os_t20.c:85:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. 
What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt) data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/os_t20.h:50:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:91:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"No such host as %s",host); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:98:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!jsys (GTHST,argblk)) strcpy (tmp,host); data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:112:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (file,"Can't connect to %s,%d server",tmp,port); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_bsi.c:44:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"auth-%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_dce.c:50:39: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) return pw; data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_dce.c:58:34: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_psx.c:62:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. 
strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_psx.c:80:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sce.c:42:40: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sec.c:42:40: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_ssn.c:49:39: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. 
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_ssn.c:52:40: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pa->pwa_passwd,(char *) crypt (pass,pa->pwa_passwd)))) ? data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_std.c:40:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ? data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sv4.c:62:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sv4.c:76:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. 
!strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_svo.c:62:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_svo.c:75:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. !strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:48:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (hitch,"%s.%lu.%d.",name,(unsigned long) time (0),getpid ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:173:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (file,test); /* use just that name then */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:223:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). pmatch ("INBOX",ucase (strcpy (tmp,test)))) data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:300:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
if (dir) sprintf (tmp,"%s%s",dir,d->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:301:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (tmp,d->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:303:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if ((pmatch_full (strcpy (path,tmp),pat,'/') || data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:307:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path+len-1,d->d_name) && !stat (path,&sbuf)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:312:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path,"%s/",tmp); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:758:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (s && !*s) ? strcpy (dst,sysinbox ()) : s; data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:779:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mailboxfile (tmp,pat)) strcpy (tmp,pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:787:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (tmp,pat); /* yes, ignore */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:792:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!ref) strcpy (tmp,pat); /* just copy if no namespace */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:795:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:795:40: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:797:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (tmp,"%s%s",ref,pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:544:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,prefix,days[t->tm_wday]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:548:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900, data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:861:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",blackBoxDir,myUserName); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:869:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (sysInbox,"%s/INBOX",home); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:888:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/INBOX", data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:897:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:898:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:911:44: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc")); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:935:24: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:998:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"%s/%s",home,mailsubdir); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1015:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",MAILSPOOL,myusername ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1034:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp,dir); /* write directory prefix */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1039:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (tmp,name); /* write name in directory */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1045:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (dst,mymailboxdir ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1069:31: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1085:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s/%s",s,compare_cstring (name+8,"INBOX") ? data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1097:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s/%s/INBOX",blackBoxDir,name+1); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1100:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. else sprintf (dst,"%s/%s",blackBoxDir,name+1); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1107:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (dst,name); /* unrestricted, copy root name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1114:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1121:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s/%s/INBOX",blackBoxDir,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1124:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (dst,"%s/%s",blackBoxDir,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1139:23: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1140:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (dst,"%s/%s",pw->pw_dir,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1150:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s/INBOX",mymailboxdir ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1156:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (dst,"%s/%s",mymailboxdir (),name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1178:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (base->lock,"%s.lock",file); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1255:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. _exit (execv (argv[0],argv)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1286:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmp, /* generate default message */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1298:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1373:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir, data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1631:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmpx,"Unknown new mailbox format in %s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1651:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmpx,"Unknown empty mailbox format in %s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1851:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path,"%s/INBOX",mymailboxdir ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.h:41:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONFILE(t) sprintf (t,"%s/.mailboxlist",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.h:42:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/.mlbxlsttmp",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/unix/flockcyg.c:81:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unexpected file locking failure: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocklnx.c:55:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"File locking failure: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocklnx.c:67:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unexpected file locking failure: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip4_unix.c:170:30: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (he = gethostbyname (lcase (strcpy (tmp,name))))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:130:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (!getaddrinfo (lcase (strcpy (tmp,text)),NIL,&hints,&ai))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:248:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(!getaddrinfo (lcase (strcpy (tmp,name)),NIL,&hints, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:398:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:409:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"%s\015\012",t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:412:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:453:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,newname ? data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:461:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:492:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:499:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:575:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:964:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1059:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1199:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1305:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1511:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1516:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1553:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1595:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1600:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:246:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",myhomedir (),MHPROFILE); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:262:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf (s = tmp,"%s/%s",myhomedir (),v); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:271:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",myhomedir (),MHPATH); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:365:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (file,test+4);/* use just that name then */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:423:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (dir) sprintf (name,"#mh/%s/",dir); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:432:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cp,d->d_name); /* make directory name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:434:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (np,d->d_name);/* make mh name of directory name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:489:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:518:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp + i,d->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:525:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:564:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:663:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:879:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s",LOCAL->dir,names[i]->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:900:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,++old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:988:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:990:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1046:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1159:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1170:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1251:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pattern,ref); /* copy reference to pattern */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1253:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*pat == '#') strcpy (pattern,pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1256:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (pattern,pat + 1); /* append, omitting one of the period */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1257:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
else strcat (pattern,pat); /* anything else is just appended */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1259:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (pattern,pat); /* just have basic name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:326:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:418:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SEQFMT,now); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:419:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,MTAFMT,now,(unsigned long) 0,now); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:431:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,MIXINDEX); /* create index */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:436:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,MIXSTATUS); /* create status */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:473:26: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
else if (unlink (tmp)) sprintf (tmp,"Can't delete mailbox %.80s index: %80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:483:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,d->d_name); /* make path */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:558:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (src = (char *) fs_get (srcl + len + 2),"%s/%s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:560:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst = (char *) fs_get (dstl + len + 1),"%s%s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:754:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error reading mix message header, uid=%lx, s=%.0lx, h=%s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1233:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,staterr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1244:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1258:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,staterr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1312:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1398:5: [4] (format) sprintf: Potential format string problem (CWE-134). 
Make format string constant. sprintf (local->buf,MSRFMT,MSGTOK,(unsigned long) 0,0,0,0,0,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1440:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (strcat (tmp," "),t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1556:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (local->buf,MSRFMT,MSGTOK,(unsigned long) 0,0,0,0,0,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1670:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,MSRFMT,MSGTOK,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1957:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,shortmsg,plt->msgno,plt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1992:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,shortmsg,elt->msgno,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2020:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error in %s in mix index file: %.500s",msg,s); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2121:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (msg,"Error in mix status file message record%s: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2205:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (LOCAL->buf,SEQFMT,LOCAL->metaseq = mix_modseq (LOCAL->metaseq)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2206:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2252:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,IXRFMT,(unsigned long) 0,14,4,4,13,0,0,'+',0,0, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2258:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,SEQFMT,LOCAL->indexseq); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2283:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (idxf,SEQFMT,LOCAL->indexseq); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2288:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (idxf,IXRFMT,elt->private.uid, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2335:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,STRFMT,(unsigned long) 0,(unsigned long) 0,0, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2339:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,SEQFMT,LOCAL->statusseq); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2364:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (statf,SEQFMT,LOCAL->statusseq); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2371:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf (statf,STRFMT,elt->private.uid,elt->user_flags, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2662:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Error in %s in mix sortcache record: %.500s",msg,t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2696:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SEQFMT,LOCAL->sortcacheseq = mix_modseq(LOCAL->sortcacheseq)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2706:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (f,SCRFMT,elt->private.uid,s->date, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2761:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Empty mix %s record",type); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2765:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Oversize mix %s record: %.512s",type,buf); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2770:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Truncated mix %s record: %.512s",type,buf); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:481:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:487:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"%sFrom %s %sDate: ",mmdfhdr,pseudo_from,ctime (&ti)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:489:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s += strlen (s), /* write the pseudo-header */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:494:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:495:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:498:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:555:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:574:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:579:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:669:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:928:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1084:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1119:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1278:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1593:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1694:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal date: %s",(char *) date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1915:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (err,"Discarding bogus %s header in message %lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2133:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (hdr,"%sFrom %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2140:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2141:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2403:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2436:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2546:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:300:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:330:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:337:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:710:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:898:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:926:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1011:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1058:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1126:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1135:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1144:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header at %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1173:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1268:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:46:22: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). #define MXINDEX(d,s) strcat (mx_file (d,s),MXINDEXNAME) data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:281:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:362:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:392:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s index: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:400:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s,d->d_name); /* make path */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:406:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete name %.80s: %s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:475:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:498:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s,"%s/%s",src,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:499:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (d,"%s%s",dst,name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:592:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:768:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,++old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:856:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:858:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:952:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (strcat (tmp," "),t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1073:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%lu",stream->mailbox,++stream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1076:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't create append message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1084:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1169:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1169:34: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1250:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:237:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name + 6,t); /* make full form of name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:275:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pattern,ref); /* copy reference to pattern */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:277:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*pat == '#') strcpy (pattern,pat); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:280:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (pattern,pat + 1); /* append, omitting one of the period */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:281:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat (pattern,pat); /* anything else is just appended */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:283:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
else strcpy (pattern,pat); /* just have basic name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:367:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s = tmp,"%s/%s",(char *) mail_parameters (NIL,GET_NEWSSPOOL,NIL), data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:393:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Newsgroup %s is empty",LOCAL->name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:496:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_a32.c:46:7: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt (char *key,char *salt); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aix.c:45:7: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt (char *key,char *salt); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_art.h:74:5: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. 
int syslog (priority,message,parameters ...); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_drs.c:45:7: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt (char *key,char *salt); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_lyn.c:45:7: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt (char *key,char *salt); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nto.c:73:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qnx.c:49:14: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. extern char *crypt (const char *pw, const char *salt); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qnx.c:74:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_soln.h:68:9: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. #define getpass getpassphrase data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.c:102:5: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. int syslog (int priority,char *message,char *parameters) data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.h:109:5: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. int syslog (priority,message,parameters ...); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:270:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to open file %s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:301:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s, %d %s %d %02d:%02d:%02d %c%02d%02d", data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:310:46: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
if ((pw = getpwuid (sbuf.st_uid)) != NULL) strcpy (tmp,pw->pw_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:530:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't copy - file \"%s\" is not in valid mailbox format", data/alpine-2.24+dfsg1/imap/src/osdep/unix/scandir.c:55:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->d_name,d->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:27:9: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. #define crypt ssl_private_crypt data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:42:8: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. #undef crypt data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:926:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s/%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:928:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"%s/%s.pem",SSL_CERT_DIRECTORY,server); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:956:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cert,"%s/%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:957:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (key,"%s/%s-%s.pem",SSL_KEY_DIRECTORY,server,tcp_serveraddr ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:959:26: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (stat (cert,&sbuf)) sprintf (cert,"%s/%s.pem",SSL_CERT_DIRECTORY,server); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:961:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (key,"%s/%s.pem",SSL_KEY_DIRECTORY,server); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:963:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (stat (key,&sbuf)) strcpy (key,cert); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:177:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp,host+1); /* yes, copy number part */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:257:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Trying IP address [%s]",ip_sockaddrtostring (sadr,buf)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:261:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:288:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't connect to %.80s,%u: %s",hst,(unsigned int) port, data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:322:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Connection failed to %.80s,%lu: %s",hst, data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:371:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (host,mb->host+1); /* yes, copy without brackets */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:382:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (host,r = tcp_canonical (mb->host)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:387:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (tmp,sshcommand,sshpath,host, data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:389:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. else sprintf (tmp,rshcommand,rshpath,host, data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:426:14: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. _exit (execv (path,argv));/* now run it */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:457:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (tmp,i ? "error in %s to IMAP server" : data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:465:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (usrbuf,mb->user[0] ? mb->user : myusername ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:997:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Reverse DNS resolution %s",adr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:1005:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (flag) sprintf (ret = tmp,"%s %s",t,adr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:309:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:339:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:346:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:421:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:801:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:990:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1018:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1103:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1157:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1240:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1249:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1258:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal header at %lu: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1287:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1382:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:341:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:347:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"From %s %sDate: ",pseudo_from,ctime (&ti)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:350:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s), data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:355:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:356:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:359:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx, data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:416:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:435:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:440:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:530:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:776:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:936:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:970:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1129:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't open append mailbox: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1139:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (buf,"Message append failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1451:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1539:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to parse internal date: %s",(char *) date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1738:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"Discarding bogus %s header in message %lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1957:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (hdr,"From %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1964:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1965:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2244:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2277:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2387:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2593:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mail drop %s is not in standard Unix format", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2607:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"New mail move failed: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2614:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Mail drop %s lock failure, old=%lu now=%lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2632:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (LOCAL->buf,"Moved %lu bytes of new mail to %s from %s", data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c:206:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Not a mailbox: %s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c:292:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't append to %s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:68:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s:.newsrc",myhomedir ()); data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:89:5: [4] (format) sprintf: Potential format string problem (CWE-134). 
Make format string constant. sprintf (date,prefix,days[t->tm_wday]); data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:93:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900, data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:127:26: [4] (misc) cuserid: Exactly what cuserid() does is poorly defined (e.g., some systems use the effective uid, like Linux, while others like System V use the real uid). Thus, you can't trust what it does. It's certainly not portable (The cuserid function was included in the 1988 version of POSIX, but removed from the 1990 version). Also, if passed a non-null parameter, there's a risk of a buffer overflow if the passed-in buffer is not at least L_cuserid characters long (CWE-120). Use getpwuid(geteuid()) and extract the desired information instead. myUserName = cpystr (cuserid (NIL)); data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:161:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.h:27:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\SUBSCRIPTIONS.TXT",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.h:28:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\SUBSCRIPTIONS.TMP",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.h:57:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. 
void syslog (int priority,const char *message,...); data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.c:68:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt) data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.h:50:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *getpass (const char *prompt); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:76:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't connect to %.80s,%lu: %s",host,port,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:96:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (hostname,host+1); /* yes, copy number part */ data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:100:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (hostname,host); /* hostname is user's argument */ data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:111:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (hostname,host); /* in case host is in write-protected memory */ data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:116:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (hostname,host_name->h_name); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:128:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:145:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't connect to %.80s,%d: %s",hostname,port, data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:464:51: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else return cpystr ((he = gethostbyname (lcase (strcpy (host,name)))) ? data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsn.c:49:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
else sprintf (tmp,"Can't connect to %.80s,%s: no TCP",host,service); data/alpine-2.24+dfsg1/imap/src/osdep/wce/dummywce.c:213:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Not a mailbox: %s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/wce/dummywce.c:298:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't append to %s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:86:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s\\NEWSRC",myhomedir ()); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:137:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,prefix,days[t->tm_wday]); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:141:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900, data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:147:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (tz && tz[0]) sprintf (date + strlen (date)," (%s)",tz); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:214:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path,"%s%s",homeDrive (),s); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:238:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s\\INBOX",myhomedir ()); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:264:56: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else if ((*name == '\\') || (name[1] == ':')) return strcpy (dst,name); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:266:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dst,"%s\\%s",dir,name); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:288:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...) data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.h:27:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\MAILBOX.LST",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.h:28:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\MAILBOX.TMP",myhomedir ()) data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.h:67:6: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. void syslog (int priority,const char *message,...); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp,host+1); /* yes, copy number part */ data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:139:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (hostname,host); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:152:38: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!(he = gethostbyname (lcase (strcpy (tmp,host))))) data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:153:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError(),host); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:160:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (hostname,he->h_name); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:204:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr)); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:232:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",hst,port,s, data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:731:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ret = (he = gethostbyname (lcase (strcpy (host,name)))) ? he->h_name : name; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:753:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"Reverse DNS resolution %s",adr); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:764:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. if (flag) sprintf (ret = tmp,"%s %s",t,adr); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:385:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path,sysinbox ());/* use system INBOX */ data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:393:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:448:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path,sysinbox ()); /* use system INBOX for unix and MMDF */ data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:461:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:511:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s appending to %.80s (%s %.80s)", data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:543:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (lstat (path,sbuf)) strcat (tmp,strerror (errno)); data/alpine-2.24+dfsg1/include/system.h:64:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
char *strcpy (char *, const char *); data/alpine-2.24+dfsg1/include/system.h:65:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). char *strcat (char *, const char *); data/alpine-2.24+dfsg1/include/system.h:368:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/alpine-2.24+dfsg1/include/system.h:369:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/alpine-2.24+dfsg1/include/system.h:369:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/alpine-2.24+dfsg1/ldap/inckit/ldap.h:68:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf( stderr, fmt, arg1, arg2, arg3 ); \ data/alpine-2.24+dfsg1/ldap/inckit/ldap.h:70:4: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. syslog( ldap_syslog_level, fmt, arg1, arg2, arg3 ); \ data/alpine-2.24+dfsg1/ldap/inckit/ldap.h:76:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf( stderr, fmt, arg1, arg2, arg3 ); data/alpine-2.24+dfsg1/ldap/inckit/msdos.h:125:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define strcpy( a, b ) _fstrcpy( a, b ) data/alpine-2.24+dfsg1/mapi/instmapi.c:94:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s%s", dir, dir[strlen(dir)-1] == '\\' ? data/alpine-2.24+dfsg1/mapi/instmapi.c:97:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, data/alpine-2.24+dfsg1/mapi/instmapi.c:198:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mapifile, "%s%s", dir, dir[strlen(dir)-1] == '\\' ? data/alpine-2.24+dfsg1/mapi/instmapi.c:204:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer2, "pmapi32.dll exists in %s as mapi32.dll", data/alpine-2.24+dfsg1/mapi/instmapi.c:212:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s%s", dir, dir[strlen(dir)-1] == '\\' ? data/alpine-2.24+dfsg1/mapi/instmapi.c:230:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer2, "%s%s", dir, dir[strlen(dir)-1] == '\\' ? data/alpine-2.24+dfsg1/mapi/instmapi.c:234:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer2, "pmapi32.dll has been copied to %s", data/alpine-2.24+dfsg1/mapi/instmapi.c:241:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buffer2, "pmapi32.dll could not be copied to %s", data/alpine-2.24+dfsg1/mapi/pmapi.c:199:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s%s%d", prefix, (*prefix ? "." : ""), num); data/alpine-2.24+dfsg1/mapi/pmapi.c:250:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%smapiapp%d%s", dir, nmg->attach_no, data/alpine-2.24+dfsg1/mapi/pmapi.c:315:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%d/%s%d/%s%d %s%d:%s%d", data/alpine-2.24+dfsg1/mapi/pmapi.c:328:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s@%s", env->from->mailbox, env->from->host); data/alpine-2.24+dfsg1/mapi/pmapi.c:366:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s@%s", addr->mailbox, addr->host); data/alpine-2.24+dfsg1/mapi/pmapi.c:380:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s@%s", addr->mailbox, addr->host); data/alpine-2.24+dfsg1/mapi/pmapi.c:394:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s@%s", addr->mailbox, addr->host); data/alpine-2.24+dfsg1/mapi/pmapi.c:496:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(user, tpwc->user); data/alpine-2.24+dfsg1/mapi/pmapi.c:497:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(pwd, tpwc->pwd); data/alpine-2.24+dfsg1/mapi/pmapi.c:511:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(user, nmg->cs->dlge.edit1); data/alpine-2.24+dfsg1/mapi/pmapi.c:512:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pwd, nmg->cs->dlge.edit2); data/alpine-2.24+dfsg1/mapi/pmapi.c:889:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tfcc, "%s%s%s", col, fcc, p2); data/alpine-2.24+dfsg1/mapi/pmapi.c:978:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s%smapipinerc%d", dir, data/alpine-2.24+dfsg1/mapi/pmapi.c:1216:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newstr, *valstrp); data/alpine-2.24+dfsg1/mapi/pmapi.c:1217:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newstr, p3 && *p3 ? p3 : ""); data/alpine-2.24+dfsg1/mapi/pmapi.c:1218:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newstr, p2 + 1); data/alpine-2.24+dfsg1/mapi/pmapi.c:1503:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(subkey, "MIME\\Database\\Content Type\\%s", mime_type); data/alpine-2.24+dfsg1/mapi/pmapi.c:1554:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tf,dir); data/alpine-2.24+dfsg1/mapi/pmapi.c:1595:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cs->dlge.edit1, *cs->mb->user ? cs->mb->user data/alpine-2.24+dfsg1/mapi/pmapi.c:1597:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cs->dlge.edit2, ui[0]); data/alpine-2.24+dfsg1/mapi/pmapi.c:1625:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dir, tmpdir); data/alpine-2.24+dfsg1/mapi/pmapi.c:1629:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dir, tmpdir); data/alpine-2.24+dfsg1/mapi/pmapi.c:1633:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dir, ms_global->attachDir); data/alpine-2.24+dfsg1/mapi/pmapi.c:1652:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(mime_type, "%s/%s", body_types[part->body.type], part->body.subtype); data/alpine-2.24+dfsg1/mapi/pmapi.c:1670:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file_ext, tmp_ext); data/alpine-2.24+dfsg1/mapi/pmapi.c:1714:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->debugFile, path); data/alpine-2.24+dfsg1/mapi/pmapi.c:1755:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pineExe, pineKeyData); data/alpine-2.24+dfsg1/mapi/pmapi.c:1778:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ms_global->pineExe, pineExe); data/alpine-2.24+dfsg1/mapi/pmapi.c:1799:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->pineExe, defPath); data/alpine-2.24+dfsg1/mapi/pmapi.c:1811:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->pineExeAlt, strrchr(defPath, '\\')+1); data/alpine-2.24+dfsg1/mapi/pmapi.c:1843:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ms_global->attachDir, ms_global->pineExe); data/alpine-2.24+dfsg1/mapi/pmapi.c:1878:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->attachDir, defAttachDir); data/alpine-2.24+dfsg1/mapi/pmapi.c:1888:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->pinerc, penv); data/alpine-2.24+dfsg1/mapi/pmapi.c:1896:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->pineconf, penv); data/alpine-2.24+dfsg1/mapi/pmapi.c:1907:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ms_global->pinercex, penv); data/alpine-2.24+dfsg1/mapi/pmapi.c:2068:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. i = sprintf(dstName, "%s%s%s", dstDir, data/alpine-2.24+dfsg1/mapi/pmapi.c:2081:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dstName+i-strlen(srcExt), "%03d%s", cnt, srcExt); data/alpine-2.24+dfsg1/mapi/pmapi.c:2093:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. i = sprintf(dstName, "%s%s%s", dstDir, data/alpine-2.24+dfsg1/mapi/pmapi.c:2147:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tmpfiles,files); data/alpine-2.24+dfsg1/mapi/pmapi.c:2240:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url, *keyvalp); data/alpine-2.24+dfsg1/mapi/pmapi.c:2297:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, key); data/alpine-2.24+dfsg1/mapi/pmapi.c:2758:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ms_global->dfd, str, arg1); data/alpine-2.24+dfsg1/mapi/pmapi.c:2841:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, old); data/alpine-2.24+dfsg1/mapi/pmapi.h:64:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, msg, parm); \ data/alpine-2.24+dfsg1/mapi/pmapi.h:67:46: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DEBUG_WRITE(msg, parm) { if(MSDEBUG) fprintf(ms_global->dfd,msg,parm);} data/alpine-2.24+dfsg1/mapi/smapi.c:337:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpseq, tmp); data/alpine-2.24+dfsg1/mapi/smapi.c:340:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(tmpseq, tmp); data/alpine-2.24+dfsg1/mapi/smapi.c:601:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(adrstr, "SMTP:%s@%s", adrlist->mailbox, adrlist->host); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:814:19: [4] (crypto) EVP_des_ecb: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_des_ecb(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:820:11: [4] (crypto) EVP_des_cfb: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. # define EVP_des_cfb EVP_des_cfb64 data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:829:19: [4] (crypto) EVP_des_ofb: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_des_ofb(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:832:19: [4] (crypto) EVP_des_cbc: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_des_cbc(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:835:19: [4] (crypto) EVP_desx_cbc: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_desx_cbc(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:845:19: [4] (crypto) EVP_rc4_40: These keysizes are too small given today's computers (CWE-327). 
Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_rc4_40(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:860:19: [4] (crypto) EVP_rc2_40_cbc: These keysizes are too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_rc2_40_cbc(void); data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:861:19: [4] (crypto) EVP_rc2_64_cbc: These keysizes are too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. const EVP_CIPHER *EVP_rc2_64_cbc(void); data/alpine-2.24+dfsg1/pico/browse.c:2703:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = system(child); data/alpine-2.24+dfsg1/pico/display.c:1393:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(t1, sizeof(t1), PICO_TITLE, version); /* write version */ data/alpine-2.24+dfsg1/pico/main.c:219:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s) data/alpine-2.24+dfsg1/pico/main.c:664:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_arg), '+'); data/alpine-2.24+dfsg1/pico/main.c:671:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_num), '+'); data/alpine-2.24+dfsg1/pico/main.c:716:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_arg), '-'); data/alpine-2.24+dfsg1/pico/main.c:723:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_num), '-'); data/alpine-2.24+dfsg1/pico/main.c:796:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dictionary[i++], str); data/alpine-2.24+dfsg1/pico/main.c:808:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_arg_s), cmd); data/alpine-2.24+dfsg1/pico/main.c:838:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_color), cmd); data/alpine-2.24+dfsg1/pico/main.c:854:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_output_charset), display_character_set); data/alpine-2.24+dfsg1/pico/main.c:862:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_input_charset), keyboard_character_set); data/alpine-2.24+dfsg1/pico/main.c:869:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_charset), cmd); data/alpine-2.24+dfsg1/pico/main.c:966:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_arg), c); data/alpine-2.24+dfsg1/pico/main.c:992:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_num), c); data/alpine-2.24+dfsg1/pico/main.c:1014:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pico_missing_flag), c); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:288:5: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(execl("/bin/sh", "sh", "-c", fname_to_locale(eb), (char *) NULL) < 0) data/alpine-2.24+dfsg1/pico/osdep/altedit.c:315:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(prompt, sizeof(prompt), prmpt, (long) filesize); data/alpine-2.24+dfsg1/pico/osdep/color.c:817:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(t->rgb, RGBLEN+1, MATCH_TRAN_COLOR); data/alpine-2.24+dfsg1/pico/osdep/filesys.c:377:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(e, "Can't find first file in \"%s\"", dn); data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:965:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(caption, ncaption, TEXT("%s '%s'"), button_list[maxstrIdx].label, data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:1035:6: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(caption, ncaption, TEXT("%s '%s'"), pB->label, pB->name); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:1623:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(newFont.lfFaceName, LF_FACESIZE, TEXT("%s"), TEXT("Courier New")); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3713:10: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf (TempBuf, sizeof(TempBuf)/sizeof(TCHAR), szTemp, mswin_specific_winver(), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5031:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buf, 256, TEXT("%.*s - Alpine"), 80, lptstr_title); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5143:3: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tcbuf, sizeof(tcbuf)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5178:3: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tcbuf, sizeof(tcbuf)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5467:4: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(tcbuf, sizeof(tcbuf)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5480:8: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tcbuf, sizeof(tcbuf)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5968:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(newFont.lfFaceName, LF_FACESIZE, TEXT("%s"), fontName_lpt); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8328:2: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. _tcscpy (gHomeDir, targDir); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8394:4: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(filters + _tcslen(filters), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8398:4: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(filters, sizeof(filters)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8532:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(filters, sizeof(filters)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8686:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(filters, sizeof(filters)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10360:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(waitingFor, sizeof(waitingFor)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10606:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(msg, sizeof(msg)/sizeof(TCHAR), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10789:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(keybuf, MSWR_KEY_MAX+1, TEXT("%s%s%s"), MSWR_ROOT, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10812:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(keybuf, MSWR_KEY_MAX+1, TEXT("%s%s%s"), MSWR_ROOT, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10842:6: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(tmp_lptstr, tmp_lptstr_tcharlen, TEXT("%salpine.exe,0"), path_lptstr); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10910:8: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tmp_lptstr, tmp_lptstr_tcharlen, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10927:6: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tmp_lptstr, tmp_lptstr_tcharlen, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10962:6: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tmp_lptstr, tmp_lptstr_tcharlen, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11122:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tmp_lptstr, tmp_lptstr_len, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11126:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tmp_lptstr, tmp_lptstr_len, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11291:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(new_buf+k, new_buf_len - k, TEXT("%s"), pSubKey); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11307:6: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(new_buf+k, new_buf_len - k, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11332:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(new_buf+k, new_buf_len - k, TEXT("%s - Not Defined"), pSubKey); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11910:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tcbuf, 256, TEXT("%c %s %s %s"), is_us ? '+' : ' ', data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11949:3: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(description, DESC_LEN+1, TEXT("Printing failed: %s"), e); data/alpine-2.24+dfsg1/pico/osdep/mswin_aspell.c:116:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(aspell_fullname, ARRAYSIZE(aspell_fullname), data/alpine-2.24+dfsg1/pico/osdep/mswin_spell.c:158:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
_sntprintf(dlg_title, ARRAYSIZE(dlg_title), TEXT("Not in Dictionary: %s"), data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:311:5: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _vsntprintf(msg, ARRAYSIZE(msg), fmt, vlist); data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:624:13: [4] (shell) ShellExecute: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ShellExecute(hwnd, TEXT("Open"), link_buf, NULL, NULL, SW_SHOWNORMAL); data/alpine-2.24+dfsg1/pico/osdep/newmail.c:53:65: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. snprintf(inbox, sizeof(inbox), "%s/%s", MAILDIR, (char *) getlogin()); data/alpine-2.24+dfsg1/pico/osdep/popen.c:43:25: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if((g_pico_fio.fp = popen(s, "r")) != NULL) data/alpine-2.24+dfsg1/pico/osdep/shell.c:108:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system((shell = (char *)getenv("SHELL")) ? shell : "/bin/csh"); data/alpine-2.24+dfsg1/pico/pilot.c:141:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s) data/alpine-2.24+dfsg1/pico/pilot.c:285:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_missing_color), cmd); data/alpine-2.24+dfsg1/pico/pilot.c:301:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_output_charset), display_character_set); data/alpine-2.24+dfsg1/pico/pilot.c:309:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_input_charset), keyboard_character_set); data/alpine-2.24+dfsg1/pico/pilot.c:316:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_missing_charset), cmd); data/alpine-2.24+dfsg1/pico/pilot.c:373:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_missing_arg), c); data/alpine-2.24+dfsg1/pico/pilot.c:388:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_missing_num), c); data/alpine-2.24+dfsg1/pico/pilot.c:404:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_1k_buf, sizeof(tmp_1k_buf), _(args_pilot_missing_flag), c); data/alpine-2.24+dfsg1/pith/abdlc.c:1160:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(pab->ostatus != Open && pab->access != NoAccess) data/alpine-2.24+dfsg1/pith/adrbklib.c:218:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(pab->access != NoExists){ data/alpine-2.24+dfsg1/pith/adrbklib.c:486:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(warning, warninglen, data/alpine-2.24+dfsg1/pith/adrbklib.c:5144:36: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(pab->type & GLOBAL && pab->access != NoAccess) data/alpine-2.24+dfsg1/pith/adrbklib.c:5325:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return(access); data/alpine-2.24+dfsg1/pith/adrbklib.c:5442:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(pab->access != NoAccess){ data/alpine-2.24+dfsg1/pith/adrbklib.h:587:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. AccessType access; data/alpine-2.24+dfsg1/pith/charconv/filesys.c:712:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
return(access(fname_to_locale(path), mode)); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1428:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pdest, size - (pdest-dest), newfmt, input_str); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1477:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pdest, size - (pdest-dest), newfmt, int_arg); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1483:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pdest, size - (pdest-dest), newfmt, input_str); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1490:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pdest, size - (pdest-dest), newfmt, double_arg); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1496:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pdest, size - (pdest-dest), newfmt, ptr_arg); data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1931:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
#define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s)
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2007:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf),
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2282:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(b, sizeof(buf[0])-(b-buf[whichbuf]), done_one ? "%03ld" : "%ld", x);
data/alpine-2.24+dfsg1/pith/conf.c:985:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf x ; \
data/alpine-2.24+dfsg1/pith/conf.c:7805:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf2, sizeof(buf2), message, buf1);
data/alpine-2.24+dfsg1/pith/context.c:216:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(b, len, pq, name);
data/alpine-2.24+dfsg1/pith/context.c:223:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(t, l+1, pq, name);
data/alpine-2.24+dfsg1/pith/filter.c:4934:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf + strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/pith/filter.c:9078:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "<%s", line+f2);
data/alpine-2.24+dfsg1/pith/ical.c:931:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/ical.c:1027:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/ical.c:1130:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/ical.c:1212:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/ical.c:1293:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/ical.c:1348:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(token, "%s\r\n", ical->comp); /* this is allocated memory */
data/alpine-2.24+dfsg1/pith/ical.c:1405:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ical_buf, s);
data/alpine-2.24+dfsg1/pith/imap.c:1066:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((*l)->passwd, "%s%c%s", authtype, PWDAUTHSEP, passwd);
data/alpine-2.24+dfsg1/pith/imap.c:1075:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((*l)->user, "%s%c%s", authtype, PWDAUTHSEP, user);
data/alpine-2.24+dfsg1/pith/ldap.c:879:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:882:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:885:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:888:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:891:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:894:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:897:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp);
data/alpine-2.24+dfsg1/pith/ldap.c:900:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
data/alpine-2.24+dfsg1/pith/ldap.c:904:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
data/alpine-2.24+dfsg1/pith/ldap.c:909:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
data/alpine-2.24+dfsg1/pith/mailcap.c:938:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(to, SIZEOF_20KBUF-(to-tmp_20k_buf), MC_ADD_TMP, tmp_file);
data/alpine-2.24+dfsg1/pith/maillist.c:133:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(h, p); /* assumption #383: decoding shrinks */
data/alpine-2.24+dfsg1/pith/mimedesc.c:660:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp, sizeof(tmp), (flags & FMS_SPACE) ? " %-5.5s" : " %s", p);
data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:89:70: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). strncat(testname, "caXXXXXX", MAXPATH-strlen(testname)-1) && mktemp(testname)){
data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:389:2: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(keybuf, sizeof(keybuf), TEXT("MIME\\Database\\Content Type\\%s"), mime_type);
data/alpine-2.24+dfsg1/pith/osdep/pipe.c:376:6: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(syspipe->argv[0], syspipe->argv);
data/alpine-2.24+dfsg1/pith/osdep/pipe.c:398:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78).
try using a library call that implements the same functionality if available. execl(shellpath, shell, command ? "-c" : (char *)NULL, fname_to_locale(command), (char *)NULL);
data/alpine-2.24+dfsg1/pith/remote.c:124:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(prc->rd->access != NoExists){
data/alpine-2.24+dfsg1/pith/remote.c:207:39: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (!file || !prc->rd || prc->rd->access != ReadWrite)){
data/alpine-2.24+dfsg1/pith/remtype.h:35:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. AccessType access; /* of remote folder */
data/alpine-2.24+dfsg1/pith/reply.c:3366:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(id, "<%s@%s>", leftpart, hostpart);
data/alpine-2.24+dfsg1/pith/reply.c:3622:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != NoExists){
data/alpine-2.24+dfsg1/pith/save.c:1644:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s%s/%s%s%s%s%s%s%s", _("A "),
data/alpine-2.24+dfsg1/pith/save.c:1658:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s%s/%s%s%s%s%s", _("A "),
data/alpine-2.24+dfsg1/pith/save.c:1692:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s%s/%s%s%s%s%s%s%s%s%s%s%s",
data/alpine-2.24+dfsg1/pith/send.c:4141:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(outbuf, outbuflen, printstring, error);
data/alpine-2.24+dfsg1/pith/smime.c:1790:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != NoExists){
data/alpine-2.24+dfsg1/pith/smime.c:1820:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != ReadWrite || rd_remote_is_readonly(rd)){
data/alpine-2.24+dfsg1/pith/smkeys.c:1000:13: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != NoExists){
data/alpine-2.24+dfsg1/pith/smkeys.c:1030:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != ReadWrite || rd_remote_is_readonly(rd)){
data/alpine-2.24+dfsg1/pith/status.c:39:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a);
data/alpine-2.24+dfsg1/pith/status.c:61:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2);
data/alpine-2.24+dfsg1/pith/status.c:84:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3);
data/alpine-2.24+dfsg1/pith/status.c:108:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3, a4);
data/alpine-2.24+dfsg1/pith/status.c:117:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3, a4, a5);
data/alpine-2.24+dfsg1/pith/status.c:126:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3, a4, a5, a6);
data/alpine-2.24+dfsg1/pith/status.c:153:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3, a4, a5, a6, a7);
data/alpine-2.24+dfsg1/pith/status.c:162:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_20k_buf, SIZEOF_20KBUF, s, a1, a2, a3, a4, a5, a6, a7, a8);
data/alpine-2.24+dfsg1/pith/string.c:2855:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sp->name, "%s%s%s", authtype ? authtype : "",
data/alpine-2.24+dfsg1/pith/text.c:409:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(buf, sizeof(buf), ENCODING_DISCLAIMER, body_encodings[att->body->encoding]);
data/alpine-2.24+dfsg1/pith/text.c:478:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), CHARSET_DISCLAIMER_1, charset ? charset : "US-ASCII");
data/alpine-2.24+dfsg1/pith/text.c:546:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(p, sizeof(buf)-(p-buf), CHARSET_DISCLAIMER_3,
data/alpine-2.24+dfsg1/regex/regcomp.c:1232:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(cs->multis + oldend - 1, cp);
data/alpine-2.24+dfsg1/regex/regerror.c:133:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(convbuf, r->name);
data/alpine-2.24+dfsg1/regex/regerror.c:145:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(errbuf, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:644:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name.sun_path, peSocketName = sname);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3743:12: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(rd->access != NoExists){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4165:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mb.user, p);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4246:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mb.user, p);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8268:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bg, tp2);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8279:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bg, peED.color.bgdef);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8284:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.fg, tp);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8303:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(peED.color.fg, tp2);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8314:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.fg, peED.color.fgdef);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8319:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bg, tp);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8495:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.fgdef, peColorStr(color, wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8503:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bgdef, peColorStr(color,wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8954:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.fgdef, peColorStr(color, wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8962:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bgdef, peColorStr(color,wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9047:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.fgdef, peColorStr(color, wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9055:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peED.color.bgdef, peColorStr(color,wtmp_20k_buf));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9145:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(section, subsection);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11204:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(wtmp_20k_buf,
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11779:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(errp, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12424:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(err = wtmp_20k_buf, "Unknown Post Option: %s", value);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12435:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(err = wtmp_20k_buf, "Malformed header (%s)", field);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13592:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(as.adrbks[booknum].access != ReadWrite) return TCL_ERROR;
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13646:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(as.adrbks[booknum].access != ReadWrite) return TCL_ERROR;
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:471:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_nfcolor, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:487:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_nbcolor, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:502:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_rfcolor, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:505:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(the_rev_color->fg, _rfcolor);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:522:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(_rbcolor, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:525:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(the_rev_color->bg, _rbcolor);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:607:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_last_fg_color, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:636:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_last_bg_color, s);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:663:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, _last_fg_color);
data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:675:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, _last_bg_color);
data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:265:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(peCredentialRequestor, mb->orighost);
data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:279:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(pwd, "%s@%s", ps_global->VAR_USER_ID,
data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:305:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(user, mb->user);
data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:311:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(user, cmb.user);
data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:85:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name.sun_path, fname);
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:45:25: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. #define SERVER_LOG(x,y) syslog (LOG_ALERT,x,y)
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:66:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"host@%s",mylocalhost ());
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:139:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (user,mb->user[0] ? mb->user : myusername ());
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:143:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (err,"auth_gss_proxy: create pipe error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:145:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: create pipe error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:149:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: fork error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:164:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"%s@%s",service,mb->host);
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:165:5: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(AUTH_GSS_PROXY_PATH,AUTH_GSS_PROXY_PATH,err,user,0);
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:179:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: read error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:195:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: read error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:211:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: write error: %s",strerror(errno));
data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:214:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (err,"auth_gss_proxy: write error: %s",strerror(errno)); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:227:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (err,"auth_gss_proxy: read error: %s",strerror(errno)); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:282:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL), data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:221:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path + 6,de->d_name); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:137:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sun.sun_path,socketname); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:243:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sbuf,"id_table_create_id(%s,[",rbuf); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:247:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sbuf + strlen(sbuf) - 1, "]): %s\n",sep); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:248:2: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. syslog(LOG_ERR,sbuf); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper_lib.c:36:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sun.sun_path,sockname); data/alpine-2.24+dfsg1/alpine/alpine.c:213:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(getpid() + time(0)); data/alpine-2.24+dfsg1/alpine/alpine.c:785:54: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf(_("Terminal type \"%s\" is unknown.\n"), getenv("TERM")); data/alpine-2.24+dfsg1/alpine/alpine.c:791:102: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf(_("Your terminal, of type \"%s\", is lacking functions needed to run alpine.\n"), getenv("TERM")); data/alpine-2.24+dfsg1/alpine/busy.c:270:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. pick_this_one = random() % eligible; data/alpine-2.24+dfsg1/alpine/dispfilt.c:373:46: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. snprintf(tmp_20k_buf, SIZEOF_20KBUF, "%ld", random()); data/alpine-2.24+dfsg1/alpine/help.c:1298:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
i = (int)(random() % 36L); data/alpine-2.24+dfsg1/alpine/help.c:1299:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. j = (int)(random() % 36L); data/alpine-2.24+dfsg1/alpine/help.c:1300:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. k = (int)(random() % 36L); data/alpine-2.24+dfsg1/alpine/help.c:1301:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. l = (int)(random() % 36L); data/alpine-2.24+dfsg1/alpine/help.c:1306:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (int)(random() % 10L), data/alpine-2.24+dfsg1/alpine/imap.c:4294:16: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hmod = LoadLibrary(TEXT("advapi32.dll")); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:142:5: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if(CreateProcess(NULL, cmd_lpt, NULL, NULL, FALSE, data/alpine-2.24+dfsg1/alpine/osdep/execview.c:142:5: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). 
Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if(CreateProcess(NULL, cmd_lpt, NULL, NULL, FALSE, data/alpine-2.24+dfsg1/alpine/osdep/termout.unx.c:344:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(F_ON(F_ENABLE_XTERM_NEWMAIL, ps_global) && getenv("DISPLAY")) data/alpine-2.24+dfsg1/alpine/osdep/termout.unx.c:978:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. xterm = (getenv("DISPLAY") != NULL) ? yes : no; data/alpine-2.24+dfsg1/alpine/reply.c:2631:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(!getenv("HOME")){ data/alpine-2.24+dfsg1/alpine/send.c:3215:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(!getenv("HOME")){ data/alpine-2.24+dfsg1/alpine/signal.c:817:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if (!((shell = getenv("SHELL")) || (shell = getenv("COMSPEC")))) data/alpine-2.24+dfsg1/alpine/signal.c:817:46: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!((shell = getenv("SHELL")) || (shell = getenv("COMSPEC")))) data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:37:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256)); data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:40:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256)); data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:43:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256)); data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:46:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256)); data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:49:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256)); data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1795:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (unsigned long) random (),(unsigned long) time (0), data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1863:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (unsigned long) random (),(unsigned long) time (0), data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1918:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (unsigned long) random (),(unsigned long) time (0), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:673:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) && data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:177:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. i = strlen (myHomeDir = cpystr ((s = getenv ("HOME")) ? s : "")); data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:226:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
long random () data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:228:14: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (!rndm) srand (rndm = (unsigned) time (0L)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.h:40:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random (void); data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.h:42:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define getpid random data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dbw.c:64:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!((s = getenv ("DISPLAY")) || (s = getenv ("display")))) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dbw.c:64:44: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!((s = getenv ("DISPLAY")) || (s = getenv ("display")))) { data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:211:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
long random () data/alpine-2.24+dfsg1/imap/src/osdep/mac/os_mac.h:69:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random (void); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:244:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random (void) data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:246:14: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (!rndm) srand (rndm = (unsigned) time (0L)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:491:33: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. else if ((netapi || (netapi = LoadLibrary ("netapi32.dll"))) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:503:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if ((s = getenv ("USERPROFILE")) && (t = strrchr (s,'\\'))) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:519:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
char *s = getenv ("SystemDrive"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:544:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (p = getenv ("HOMEPATH")) data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:546:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (d = getenv ("HOMEDRIVE")) ? d : defaultDrive (),p); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:547:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (!(path = getenv ("HOME"))) data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:701:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!((s = lockdir (lock,getenv ("windir"),"TEMP")) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:703:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
(s = lockdir (lock,getenv ("TEMP"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:704:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (s = lockdir (lock,getenv ("TMP"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:705:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (s = lockdir (lock,getenv ("TMPDIR"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.h:68:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random (void); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.h:71:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define getpid random data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:115:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if (((lib = LoadLibrary ("schannel.dll")) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:116:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. 
(lib = LoadLibrary ("security.dll"))) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:127:13: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if ((lib = LoadLibrary ("crypt32.dll")) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:303:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *s = _tempnam (getenv ("TEMP"),"msg"); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:166:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((s = getenv ("PINEHOME")) || (s = getenv ("HOME")) || data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:166:43: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((s = getenv ("PINEHOME")) || (s = getenv ("HOME")) || data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:167:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (s = getenv ("ETC"))) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:210:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!((s = lockdir (lock,getenv ("TEMP"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:211:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (s = lockdir (lock,getenv ("TMP"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:212:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (s = lockdir (lock,getenv ("TMPDIR"),NIL)) || data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:292:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random () data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:294:14: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (!rndm) srand (rndm = (unsigned) time (0L)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.h:34:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random (void); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:806:27: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). 
Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chdir (home) || chroot (home)) data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:943:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aos.h:37:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *getenv (char *name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_art.h:47:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_art.h:47:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_art.h:59:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
char *getenv (char *name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_asv.h:50:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_asv.h:50:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_asv.h:56:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *getenv (char *name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsd.h:38:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *getenv (char *name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_drs.h:42:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random rand data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.h:44:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
#define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.h:44:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_isc.h:54:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_isc.h:54:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.h:52:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.h:52:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qnx.h:62:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. extern long random (void); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sco.h:62:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
  #define random rand
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.h:44:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.h:44:16: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_soln.h:63:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_soln.h:63:16: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_solo.h:63:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_solo.h:63:16: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.h:55:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.h:55:16: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv2.h:93:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv (char *name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv4.h:59:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv4.h:59:16: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random lrand48
data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_vu2.h:65:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv (char *name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:871:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((s = getenv (t = "SSH_CLIENT")) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:872:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (s = getenv (t = "KRB5REMOTEADDR")) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:873:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (s = getenv (t = "SSH2_CLIENT"))) {
data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.h:47:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random rand
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsn.c:196:43: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!myLocalHost) myLocalHost = cpystr (getenv ("SYS$NODE"));
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:175:6: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  long random ()
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:177:14: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!rndm) srand (rndm = (unsigned) time (0L));
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:188:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return ((s = getenv ("SystemDrive")) && *s) ? s : "C:";
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:199:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return ((s = getenv ("HOMEDRIVE")) && *s) ? s : defaultDrive ();
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:212:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!((s = getenv ("HOMEPATH")) && (i = strlen (s)))) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.h:40:6: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  long random (void);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.h:44:16: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define getpid random
data/alpine-2.24+dfsg1/ldap/inckit/proto-lb.h:101:5: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt( int nargc, char **nargv, char *ostr );
data/alpine-2.24+dfsg1/ldap/kbind.c:291:25: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  instKrbv4DLL = LoadLibrary("Krbv4win.DLL");
data/alpine-2.24+dfsg1/mapi/instmapi.c:201:14: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  hDll = LoadLibrary(mapifile);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1206:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((p3 = getenv(p1+2)) && *p3)
data/alpine-2.24+dfsg1/mapi/pmapi.c:1624:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(tmpdir = getenv("TEMP")){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1628:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if(tmpdir = getenv("TMP")){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1884:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(penv = getenv("PINERC")){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1892:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(penv = getenv("PINECONF")){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1903:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(penv = getenv("PINERCEX")){
data/alpine-2.24+dfsg1/pico/browse.c:718:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((envp = (char *) getenv("EDITOR")) != NULL)
data/alpine-2.24+dfsg1/pico/browse.c:1553:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (envp = (char *) getenv("PAGER"))
data/alpine-2.24+dfsg1/pico/osdep/altedit.c:124:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!(path = getenv("PATH")))
data/alpine-2.24+dfsg1/pico/osdep/altedit.c:149:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(getenv("EDITOR")){
data/alpine-2.24+dfsg1/pico/osdep/altedit.c:150:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(eb, (char *)getenv("EDITOR"), sizeof(eb));
data/alpine-2.24+dfsg1/pico/osdep/altedit.c:418:5: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(getenv("EDITOR")){
data/alpine-2.24+dfsg1/pico/osdep/altedit.c:419:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(eb, (char *)getenv("EDITOR"), sizeof(eb));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:495:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!(home = (char *) getenv("HOME")))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:510:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!(home = (char *) getenv("HOME"))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:511:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  && getenv("HOMEDRIVE") && getenv("HOMEPATH"))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:511:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  && getenv("HOMEDRIVE") && getenv("HOMEPATH"))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:513:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (char *) getenv("HOMEDRIVE"), (char *) getenv("HOMEPATH"));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:513:44: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (char *) getenv("HOMEDRIVE"), (char *) getenv("HOMEPATH"));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:721:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (dir = getenv("TMPDIR")) ||
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:722:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (dir = getenv("TMP")) ||
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:723:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (dir = getenv("TEMP"))))
data/alpine-2.24+dfsg1/pico/osdep/mouse.c:63:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(getenv("DISPLAY")){
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10353:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  brc = CreateProcess(NULL, exec_data.lptstr_command, NULL, NULL,
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10353:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  brc = CreateProcess(NULL, exec_data.lptstr_command, NULL, NULL,
data/alpine-2.24+dfsg1/pico/osdep/mswin_aspell.c:133:18: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  mod_aspell = LoadLibrary(aspell_fullname);
data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:87:9: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  LoadLibrary(TEXT("riched20.dll"));
data/alpine-2.24+dfsg1/pico/osdep/newmail.c:49:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((p = (char *)getenv("MAIL")) != NULL)
data/alpine-2.24+dfsg1/pico/osdep/shell.c:108:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  system((shell = (char *)getenv("SHELL")) ? shell : "/bin/csh");
data/alpine-2.24+dfsg1/pico/osdep/spell.c:109:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((sp = (char *)getenv("SPELL")) == NULL)
data/alpine-2.24+dfsg1/pico/osdep/spell.c:128:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!(path = getenv("PATH")))
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:313:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ttnm = getenv("TERM");
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:397:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  er = getenv("LINES");
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:408:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ec = getenv("COLUMNS");
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1072:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!(tv_stype = getenv("TERM")) || !strncpy(term_name, tv_stype, sizeof(term_name))){
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1172:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  er = getenv("LINES");
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1183:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ec = getenv("COLUMNS");
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1709:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1711:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cp = getenv("TERM")) == NULL) {
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:682:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((p = getenv(env_variable)) != NULL){
data/alpine-2.24+dfsg1/pith/conf.c:1058:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!ps->prc && (p = getenv("PINERC")) && *p){
data/alpine-2.24+dfsg1/pith/conf.c:1384:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!ps->pconf && (p = getenv("PINECONF"))){
data/alpine-2.24+dfsg1/pith/conf.c:1438:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!ps->exceptions && (p = getenv("PINERCEX")) && *p){
data/alpine-2.24+dfsg1/pith/conf.c:5051:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((p = getenv(word)) != NULL){ /* check for word in environment */
data/alpine-2.24+dfsg1/pith/conf.c:6069:5: [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  if(realpath(filename, realfilename) == NULL)
data/alpine-2.24+dfsg1/pith/conf.c:6424:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(p = getenv("PINERC")){
data/alpine-2.24+dfsg1/pith/mailcap.c:158:58: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pathcopy = mc_conf_path(ps_global->VAR_MAILCAP_PATH, getenv("MAILCAPS"),
data/alpine-2.24+dfsg1/pith/mailcap.c:541:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(can_access_in_path(getenv("PATH"), command, EXECUTE_ACCESS) >= 0)
data/alpine-2.24+dfsg1/pith/mimetype.c:152:59: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pathcopy = mc_conf_path(ps_global->VAR_MIMETYPE_PATH, getenv("MIMETYPES"),
data/alpine-2.24+dfsg1/pith/newmail.c:683:70: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  snprintf(subj_leadin, sizeof(subj_leadin), " %s ", carray[(unsigned)random()%12]);
data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:96:41: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  sprintf(s, "%x%x%x", (unsigned int)(random() % 256), (unsigned int)(random() % 256),
data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:96:73: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  sprintf(s, "%x%x%x", (unsigned int)(random() % 256), (unsigned int)(random() % 256),
data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:97:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  (unsigned int)(random() % 256));
data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:45:5: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(getenv("HOME") != NULL)
data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:46:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temp_home_str = getenv("HOME");
data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:51:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((p = (char *) getenv("HOMEDRIVE"))
data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:52:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  && (q = (char *) getenv("HOMEPATH")))
data/alpine-2.24+dfsg1/pith/osdep/pipe.c:301:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(can_access_in_path(getenv("PATH"), syspipe->argv[0],
data/alpine-2.24+dfsg1/pith/osdep/pipe.c:381:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((env = getenv("SHELL")) && (sh = strrchr(env, '/'))){
data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:247:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!dir && (f = getenv("TMPDIR")) && !our_stat(f, &buf) &&
data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:255:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!dir && (f = getenv("TMP")) && !our_stat(f, &buf) &&
data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:263:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!dir && (f = getenv("TEMP")) && !our_stat(f, &buf) &&
data/alpine-2.24+dfsg1/pith/remote.c:1740:8: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = random();
data/alpine-2.24+dfsg1/pith/send.c:2849:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  snprintf (tmp,sizeof(tmp),"%ld-%ld-%ld=:%ld",gethostid (),random (),(long) time (0),
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:556:5: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(getpid() + time(0));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:584:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(buf = getenv("REMOTE_USER"))
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:618:38: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  for(argerr = 0; !argerr && ((n = getopt(argc,argv,"d")) != -1); ) {
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10808:36: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pine_state->home_dir = cpystr((getenv("HOME") != NULL)
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10809:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ? getenv("HOME")
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15845:6: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  n = random();
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15858:6: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if(random() % 2){
data/alpine-2.24+dfsg1/web/src/pubcookie/wp_tclsh.c:88:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  user = getenv("REMOTE_USER");
data/alpine-2.24+dfsg1/web/src/pubcookie/wp_tclsh.c:89:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(!((((cookie = getenv("QUERY_STRING"))
data/alpine-2.24+dfsg1/web/src/pubcookie/wp_tclsh.c:91:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  || ((cookie = getenv("HTTP_COOKIE"))
data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:77:36: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  for(is_err = 0; !is_err && ((i = getopt(argc,argv,"dlrm:s:u:")) != -1); ) {
data/alpine-2.24+dfsg1/alpine/addrbook.c:417:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[6*MAX_SCREEN_COLS + 1];
data/alpine-2.24+dfsg1/alpine/addrbook.c:533:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char special[6*MAX_SCREEN_COLS-1];
data/alpine-2.24+dfsg1/alpine/addrbook.c:1588:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1606:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1629:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1646:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1669:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1686:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1711:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1729:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1754:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1777:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1802:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1821:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1844:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1861:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1884:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1902:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1928:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1953:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1976:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:1993:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/addrbook.c:2281:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80], *bp; data/alpine-2.24+dfsg1/alpine/addrbook.c:3136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nickbuf[MAX_NICKNAME + 1]; data/alpine-2.24+dfsg1/alpine/addrbook.c:5170:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bb[100]; data/alpine-2.24+dfsg1/alpine/addrbook.c:5497:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sstring[80+1], prompt[80]; data/alpine-2.24+dfsg1/alpine/addrbook.c:6311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char search_string[MAX_SEARCH + 1]; data/alpine-2.24+dfsg1/alpine/addrbook.c:6312:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt[MAX_SEARCH + 50], nsearch_string[MAX_SEARCH+1], *p; data/alpine-2.24+dfsg1/alpine/addrbook.c:6868:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/alpine-2.24+dfsg1/alpine/addrbook.c:6883:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[4]; data/alpine-2.24+dfsg1/alpine/addrbook.c:7099:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unambig[1000]; data/alpine-2.24+dfsg1/alpine/addrbook.c:7231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[500]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:564:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fakeaddrpmt[500]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:914:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char titlebar[40]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:915:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nickpmt[100], fullpmt[100], fccpmt[100], cmtpmt[100], addrpmt[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1373:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_NICKNAME + 80]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1466:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1507:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1555:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[90]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1694:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char titlebar[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1696:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1000+MAXFOLDER]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servpmt[100], foldpmt[100], nickpmt[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_file[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rem_abook[MAILTMPLEN+3], prompt[MAILTMPLEN], old_nick[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rem_pinerc_prefix[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2647:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2737:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAILTMPLEN], rem_pinerc[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3034:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[800]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3495:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4957:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char eol[3]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warn[2][MAX_NICKNAME+1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[MAX_NICKNAME+1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAX(200,2*MAX_NICKNAME+80)]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spaces[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5737:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char more_spaces[100]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5738:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[500]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5981:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[6*MAX_SCREEN_COLS + 1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[200]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[FILTSIZE+1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6877:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[200]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[W+10]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hdr[6*INDENTHERE+1], hdr2[6*INDENTHERE+1]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7226:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7565:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[300]; data/alpine-2.24+dfsg1/alpine/alpine.c:895:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/alpine.c:1070:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char int_mail[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:1125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[6*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:1126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[6*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:1174:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[6*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:1175:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[6*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:1206:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char foldername[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/alpine.c:2184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char label[LONGEST_LABEL + 2 + 1], /* label + brackets + \0 */ data/alpine-2.24+dfsg1/alpine/alpine.c:2254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:2255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[4*MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:2698:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sig_path[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:3057:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v = atoi((*p)+1); data/alpine-2.24+dfsg1/alpine/alpine.c:3259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/alpine.c:3456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/alpine/arg.c:235:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(options[nlines++], " \\"); data/alpine-2.24+dfsg1/alpine/arg.c:830:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH], dir[MAXPATH]; data/alpine-2.24+dfsg1/alpine/arg.c:876:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH], dir[MAXPATH]; data/alpine-2.24+dfsg1/alpine/arg.c:911:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
pine_state->init_context = (short) atoi(str); data/alpine-2.24+dfsg1/alpine/arg.c:924:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pine_state->start_entry = atoi(str); data/alpine-2.24+dfsg1/alpine/arg.c:991:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char list[500]; data/alpine-2.24+dfsg1/alpine/arg.c:1059:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rev[128]; data/alpine-2.24+dfsg1/alpine/arg.c:1136:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(q+1); data/alpine-2.24+dfsg1/alpine/arg.c:1157:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug = atoi(q+1); data/alpine-2.24+dfsg1/alpine/arg.c:1169:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(q+1); data/alpine-2.24+dfsg1/alpine/arg.c:1183:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(q+1); data/alpine-2.24+dfsg1/alpine/arg.c:1198:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(q+1); data/alpine-2.24+dfsg1/alpine/arg.c:1215:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug = atoi(debug_str); data/alpine-2.24+dfsg1/alpine/arg.c:1299:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp[2]; data/alpine-2.24+dfsg1/alpine/arg.c:1340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[256], *errp; data/alpine-2.24+dfsg1/alpine/arg.c:1411:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/arg.c:1449:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/arg.c:1518:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/busy.c:47:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char busy_message[MAX_BM + 1]; data/alpine-2.24+dfsg1/alpine/busy.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bars[MAX_SPINNER_ELEMENTS]; data/alpine-2.24+dfsg1/alpine/busy.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char progress[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/busy.c:218:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[sizeof(progress) + 30];
data/alpine-2.24+dfsg1/alpine/busy.c:349:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/busy.c:396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[MAX_SPINNER_WIDTH + 2];
data/alpine-2.24+dfsg1/alpine/busy.c:440:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char progress[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/colorconf.c:177:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1200];
data/alpine-2.24+dfsg1/alpine/colorconf.c:659:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2000];
data/alpine-2.24+dfsg1/alpine/colorconf.c:754:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100+1];
data/alpine-2.24+dfsg1/alpine/colorconf.c:828:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100+1];
data/alpine-2.24+dfsg1/alpine/colorconf.c:1069:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[256];
data/alpine-2.24+dfsg1/alpine/colorconf.c:1085:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *starting_val, *val, tmp[100], ***alval, **apval;
data/alpine-2.24+dfsg1/alpine/colorconf.c:1258:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[100], sval[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/colorconf.c:2680:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1200+1], name[1200], *p;
data/alpine-2.24+dfsg1/alpine/confscroll.c:225:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[100];
data/alpine-2.24+dfsg1/alpine/confscroll.c:467:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/confscroll.c:1058:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, last[64];
data/alpine-2.24+dfsg1/alpine/confscroll.c:1557:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[81], *sval, *tmp, *swap_val, **newval = NULL;
data/alpine-2.24+dfsg1/alpine/confscroll.c:1714:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpval[101];
data/alpine-2.24+dfsg1/alpine/confscroll.c:1922:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpval[101];
data/alpine-2.24+dfsg1/alpine/confscroll.c:1946:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(sval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1949:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(pval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1975:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(sval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1978:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(pval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2010:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmt[80];
data/alpine-2.24+dfsg1/alpine/confscroll.c:2024:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmt[80];
data/alpine-2.24+dfsg1/alpine/confscroll.c:2290:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(sval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2311:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numval = atoi(sval);
data/alpine-2.24+dfsg1/alpine/confscroll.c:3754:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[500];
data/alpine-2.24+dfsg1/alpine/confscroll.c:3848:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAX_SCREEN_COLS+20], *pvalnorm, **lvalnorm, *pvalexc, **lvalexc;
data/alpine-2.24+dfsg1/alpine/confscroll.c:4054:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAXPATH];
data/alpine-2.24+dfsg1/alpine/confscroll.c:4133:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAXPATH], *pvalnorm, *pvalexc;
data/alpine-2.24+dfsg1/alpine/confscroll.c:4223:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAXPATH];
data/alpine-2.24+dfsg1/alpine/confscroll.c:4331:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAXPATH];
data/alpine-2.24+dfsg1/alpine/confscroll.c:4373:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAXPATH];
data/alpine-2.24+dfsg1/alpine/confscroll.c:4874:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[300];
data/alpine-2.24+dfsg1/alpine/confscroll.c:5738:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  score = atoi(var->current_val.p);
data/alpine-2.24+dfsg1/alpine/conftype.h:67:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char address[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/context.c:579:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256];
data/alpine-2.24+dfsg1/alpine/context.c:726:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *raw_ctxt, tpath[MAILTMPLEN], *p, **lval;
data/alpine-2.24+dfsg1/alpine/context.c:789:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/dispfilt.c:62:49: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((cmd = expand_filter_tokens(rawcmd,NULL,&tmpfile,&resultf,NULL,&key,NULL, &silent)) != NULL){
data/alpine-2.24+dfsg1/alpine/dispfilt.c:79:5: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if(tmpfile){
data/alpine-2.24+dfsg1/alpine/dispfilt.c:87:37: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((tmpf_so = so_get(FileStar, tmpfile, WRITE_ACCESS|OWNER_ONLY|WRITE_TO_LOCALE)) != NULL){
data/alpine-2.24+dfsg1/alpine/dispfilt.c:110:27: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((fp = our_fopen(tmpfile, "rb")) != NULL){
data/alpine-2.24+dfsg1/alpine/dispfilt.c:131:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  our_unlink(tmpfile);
data/alpine-2.24+dfsg1/alpine/flagmaint.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1200], **p, *spacer;
data/alpine-2.24+dfsg1/alpine/flagmaint.c:170:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[500];
data/alpine-2.24+dfsg1/alpine/flagmaint.c:171:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickname[500];
data/alpine-2.24+dfsg1/alpine/flagmaint.c:172:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[500];
data/alpine-2.24+dfsg1/alpine/folder.c:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char first_folder[MAXFOLDER];
data/alpine-2.24+dfsg1/alpine/folder.c:283:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN], *p, *q;
data/alpine-2.24+dfsg1/alpine/folder.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[50], htitle[50];
data/alpine-2.24+dfsg1/alpine/folder.c:711:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path_in_context[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:800:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path_in_context[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:815:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAX(MAILTMPLEN,NETMAXMBX)];
data/alpine-2.24+dfsg1/alpine/folder.c:910:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char servpart[MAILTMPLEN], new_cntxt[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:911:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathpart[MAILTMPLEN], allbutnick[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:912:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN], *nick, *serv, *path, *view,
data/alpine-2.24+dfsg1/alpine/folder.c:914:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickpmt[100], servpmt[100], pathpmt[100], viewpmt[100];
data/alpine-2.24+dfsg1/alpine/folder.c:1147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256], tmp[MAILTMPLEN], tmpnodel[MAILTMPLEN], *server, *path,
data/alpine-2.24+dfsg1/alpine/folder.c:1286:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rbuf[20];
data/alpine-2.24+dfsg1/alpine/folder.c:1287:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256];
data/alpine-2.24+dfsg1/alpine/folder.c:1483:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&keys[0], fs->km->keys,
data/alpine-2.24+dfsg1/alpine/folder.c:1583:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/folder.c:1638:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[6*MAX_SCREEN_COLS + 1];
data/alpine-2.24+dfsg1/alpine/folder.c:1700:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[6*MAX_SCREEN_COLS + 1];
data/alpine-2.24+dfsg1/alpine/folder.c:1942:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/alpine-2.24+dfsg1/alpine/folder.c:2042:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/alpine-2.24+dfsg1/alpine/folder.c:2086:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/alpine-2.24+dfsg1/alpine/folder.c:2275:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_output[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:2357:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_file[2*MAXFOLDER+10];
data/alpine-2.24+dfsg1/alpine/folder.c:2427:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_file[2*MAXFOLDER+10];
data/alpine-2.24+dfsg1/alpine/folder.c:2467:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_file[MAXFOLDER+1];
data/alpine-2.24+dfsg1/alpine/folder.c:2506:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char next_folder[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/alpine/folder.c:2747:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailbox_name[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/folder.c:2913:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addname[MAXFOLDER+1];
data/alpine-2.24+dfsg1/alpine/folder.c:3524:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s, oldir[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:3574:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2*MAILTMPLEN], tmp2[2*MAILTMPLEN], *p;
data/alpine-2.24+dfsg1/alpine/folder.c:3633:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expanded_file[MAILTMPLEN], *p,
data/alpine-2.24+dfsg1/alpine/folder.c:3867:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MAXPATH+1], full_filename[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/folder.c:3914:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfolder[MAILTMPLEN], nmsgs[32];
data/alpine-2.24+dfsg1/alpine/folder.c:4038:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAX(MAXFOLDER,6*MAX_SCREEN_COLS)+1], nickname[32],
data/alpine-2.24+dfsg1/alpine/folder.c:4052:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdmbox[MAILTMPLEN], ctmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:4064:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbox_host[MAXPATH], *beg, *end = NULL;
data/alpine-2.24+dfsg1/alpine/folder.c:5060:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:5303:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *folder, prompt[64], *name_p = NULL;
data/alpine-2.24+dfsg1/alpine/folder.c:5575:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *folder, ques_buf[MAX_SCREEN_COLS+1], *target = NULL,
data/alpine-2.24+dfsg1/alpine/folder.c:5893:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256];
data/alpine-2.24+dfsg1/alpine/folder.c:5928:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[MAILTMPLEN], type = '\0';
data/alpine-2.24+dfsg1/alpine/folder.c:5962:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:6104:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:6142:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[32], prompt[128];
data/alpine-2.24+dfsg1/alpine/folder.c:6162:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if((*count = atol(number)) < 0L)
data/alpine-2.24+dfsg1/alpine/folder.c:6242:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_buf[MAX_BM+1];
data/alpine-2.24+dfsg1/alpine/folder.c:6385:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[128];
data/alpine-2.24+dfsg1/alpine/folder.c:6387:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/folder.c:6408:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msg_buf[MAX_BM+1];
data/alpine-2.24+dfsg1/alpine/folder.c:6543:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/folder.c:6596:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[200];
data/alpine-2.24+dfsg1/alpine/folder.c:6899:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/alpine/help.c:280:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&keys[0], help_keymenu.keys,
data/alpine-2.24+dfsg1/alpine/help.c:431:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char message[64];
data/alpine-2.24+dfsg1/alpine/help.c:451:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    {char help_name[40];
data/alpine-2.24+dfsg1/alpine/help.c:507:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *error, buf[256];
data/alpine-2.24+dfsg1/alpine/help.c:603:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/alpine-2.24+dfsg1/alpine/help.c:707:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char debugkeylabel[20];
data/alpine-2.24+dfsg1/alpine/help.c:1048:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN], *p;
data/alpine-2.24+dfsg1/alpine/help.c:1321:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256+1];
data/alpine-2.24+dfsg1/alpine/imap.c:346:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[1024];
data/alpine-2.24+dfsg1/alpine/imap.c:395:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[1024];
data/alpine-2.24+dfsg1/alpine/imap.c:396:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char reply[1024];
data/alpine-2.24+dfsg1/alpine/imap.c:403:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(s, _("Please select below the authorization flow you would like to follow:"));
data/alpine-2.24+dfsg1/alpine/imap.c:404:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s + strlen(s), _("Please select the client-id to use from the following list.\n\n"));
data/alpine-2.24+dfsg1/alpine/imap.c:408:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s + strlen(s), " %d) %.70s\n", j++, oa2list->name);
data/alpine-2.24+dfsg1/alpine/imap.c:416:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    sel = atoi(reply);
data/alpine-2.24+dfsg1/alpine/imap.c:467:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:567:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[MAILTMPLEN], token[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:653:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:766:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[MAILTMPLEN], token[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:890:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *token, tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:891:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[4*MAILTMPLEN], value[4*MAILTMPLEN], *last;
data/alpine-2.24+dfsg1/alpine/imap.c:892:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char defuser[NETMAXUSER];
data/alpine-2.24+dfsg1/alpine/imap.c:893:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hostleadin[80], hostname[200], defubuf[200];
data/alpine-2.24+dfsg1/alpine/imap.c:894:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char logleadin[80], pwleadin[50];
data/alpine-2.24+dfsg1/alpine/imap.c:1198:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%lu", SaveExpirationTime);
data/alpine-2.24+dfsg1/alpine/imap.c:1349:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char message[sizeof(ps_global->c_client_error)];
data/alpine-2.24+dfsg1/alpine/imap.c:1458:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:1459:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[1000], *last;
data/alpine-2.24+dfsg1/alpine/imap.c:1460:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char port[20], non_def_port[20], insecure[20];
data/alpine-2.24+dfsg1/alpine/imap.c:1461:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char defuser[NETMAXUSER];
data/alpine-2.24+dfsg1/alpine/imap.c:1462:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hostleadin[80], hostname[200], defubuf[200];
data/alpine-2.24+dfsg1/alpine/imap.c:1463:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char logleadin[80], pwleadin[50];
data/alpine-2.24+dfsg1/alpine/imap.c:1464:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hostlist0[MAILTMPLEN], hostlist1[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:2302:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char full_filename[MAXPATH+1], filename[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/imap.c:2344:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pmt[128];
data/alpine-2.24+dfsg1/alpine/imap.c:2497:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[500];
data/alpine-2.24+dfsg1/alpine/imap.c:2676:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:2748:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[500], buf2[500];
data/alpine-2.24+dfsg1/alpine/imap.c:3008:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char token[MAILTMPLEN], prompt[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3240:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *ui[5];
data/alpine-2.24+dfsg1/alpine/imap.c:3282:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    blob = (char *) pcred[k]->CredentialBlob;
data/alpine-2.24+dfsg1/alpine/imap.c:3301:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    flags = sflags ? atoi(tmp ? ++tmp : sflags) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:3332:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char target[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3334:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *ui[5];
data/alpine-2.24+dfsg1/alpine/imap.c:3453:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    flags = sflags ? atoi(tmp ? ++tmp : sflags) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:3497:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN], *ui[5];
data/alpine-2.24+dfsg1/alpine/imap.c:3503:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp2[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3648:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int flags = ui[3] ? atoi(s ? ++s : ui[3]) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:3685:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char target[10*MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3686:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char blob[10*MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3704:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(blob, "%d", l->altflag);
data/alpine-2.24+dfsg1/alpine/imap.c:3736:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char target[10*MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3737:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char blob[10*MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3754:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(blob, "%d", l->altflag);
data/alpine-2.24+dfsg1/alpine/imap.c:3804:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[10*MAILTMPLEN], blob[10*MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/imap.c:3837:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(blob, "%d", l->altflag);
data/alpine-2.24+dfsg1/alpine/imap.c:4056:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/init.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[50], **p;
data/alpine-2.24+dfsg1/alpine/init.c:260:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path2[MAXPATH+1], prompt[128], tmp[21];
data/alpine-2.24+dfsg1/alpine/init.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[150];
data/alpine-2.24+dfsg1/alpine/kblock.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char inpasswd[80], passwd[80], pw[80];
data/alpine-2.24+dfsg1/alpine/kblock.c:104:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    times = atoi(ps->VAR_KBLOCK_PASSWD_COUNT);
data/alpine-2.24+dfsg1/alpine/kblock.c:117:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[50];
data/alpine-2.24+dfsg1/alpine/keymenu.c:2976:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char keystr[6*MAX_KEYNAME + 6*MAX_LABEL + 2];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3049:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3050:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp2[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3051:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char this_label[6*MAX_LABEL+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_label[6*MAX_LABEL+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3411:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(km->bitmap, bm, BM_SIZE);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3468:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_label[6*MAX_LABEL+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3487:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_label[6*MAX_LABEL+1];
data/alpine-2.24+dfsg1/alpine/keymenu.c:3691:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(km_state.bitmap, bitmap, BM_SIZE);
data/alpine-2.24+dfsg1/alpine/keymenu.c:4014:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prename[100];
data/alpine-2.24+dfsg1/alpine/keymenu.c:4015:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char namepart[100];
data/alpine-2.24+dfsg1/alpine/keymenu.c:4016:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char labelpart[100];
data/alpine-2.24+dfsg1/alpine/ldapconf.c:99:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ee[200];
data/alpine-2.24+dfsg1/alpine/ldapconf.c:374:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[200];
data/alpine-2.24+dfsg1/alpine/ldapconf.c:923:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[200];
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1171:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[MAXPATH+1], custom_scope[MAXPATH], **apval;
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1808:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dir_tmp[2200], *p;
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1881:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    portval = atoi(port);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1903:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    timeval = atoi(ttime);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1909:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    sizeval = atoi(ssize);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:2058:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[81];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:359:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prompt[128];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:426:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *newfolder, prompt[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:699:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char nextfolder[MAXPATH];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1063:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char nextfolder[MAXPATH];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1125:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *front, type[80], cnt[CNTLEN], fbuf[MAX_SCREEN_COLS/2+1];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1586:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[10];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1716:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *flagit, *seq, *screen_text[20], **exp, **p, *answer = NULL;
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1717:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *keyword_array[2];
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2477:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char newfolder[MAILTMPLEN], nmsgs[32], *nick; data/alpine-2.24+dfsg1/alpine/mailcmd.c:2764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[6*MAX_SCREEN_COLS+1], *p, expanded[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:2766:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortbuf[200]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:2991:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt_b[MAX_SCREEN_COLS+1], temp[MAILTMPLEN+1], buff[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3493:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[100]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3587:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1], *err; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nmsgs[80]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPATH], *tfp = NULL; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3842:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:3843:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lfile[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4052:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[MAXPATH+1], dir2[MAXPATH+1], orig_dir[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char precolon[MAXPATH+1], postcolon[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[MAXPATH+1], tmp[MAXPATH+1], *fn, *ill; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt_buf[400]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char def[500]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirb[50], fileb[50]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:4379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, p1[100], p2[100], *p3, p4[100], p5[100]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jump_num_string[80], *j, prompt[70]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5189:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[100]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[100]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5233:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jump_num = atol(jump_num_string); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5289:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nextfolder[MAXPATH]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5378:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmt[128]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5444:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_num_string[80], *j, prompt[70]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5452:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
debug_num = atol(debug_num_string); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5487:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug_num = atol(debug_num_string); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5607:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newfolder[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:5608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expanded[MAXPATH+1], data/alpine-2.24+dfsg1/alpine/mailcmd.c:5848:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:6202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:6223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[250]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:6236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m[10]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:6378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pipe_command[MAXPATH]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:6701:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *h, *hdrs[MLCMD_COUNT + 1]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:7390:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt[80]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:7663:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number1[16], number2[16], numbers[80], *p, *t; data/alpine-2.24+dfsg1/alpine/mailcmd.c:7739:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if((n1 = atol(number1)) < 1L || n1 > mn_get_total(msgmap)){ data/alpine-2.24+dfsg1/alpine/mailcmd.c:7779:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if((n2 = atol(number2)) < 1L || n2 > mn_get_total(msgmap)){ data/alpine-2.24+dfsg1/alpine/mailcmd.c:7787:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[20]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:7834:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char number1[16], number2[16], numbers[80], *p, *t; data/alpine-2.24+dfsg1/alpine/mailcmd.c:7913:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if((n1 = atol(number1)) < 1L || n1 > msgmap->max_thrdno){ data/alpine-2.24+dfsg1/alpine/mailcmd.c:7956:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if((n2 = atol(number2)) < 1L || n2 > msgmap->max_thrdno){ data/alpine-2.24+dfsg1/alpine/mailcmd.c:7964:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[20]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8008:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[100], defdate[100], prompt[128]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8074:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char seq[20]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namehdr[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sstring[80], tmp[128]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buftmp[MAILTMPLEN], namehdr[80]; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[16], numbers[80], *p, *t; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8848:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rulenick[1000], *nick; data/alpine-2.24+dfsg1/alpine/mailcmd.c:9041:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[MAXUSERFLAG+1], *kword; data/alpine-2.24+dfsg1/alpine/mailcmd.c:9337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024], *folded; data/alpine-2.24+dfsg1/alpine/mailcmd.c:9600:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[200], tmp[3], *p; data/alpine-2.24+dfsg1/alpine/mailcmd.c:9841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/mailindx.c:394:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char db[200]; data/alpine-2.24+dfsg1/alpine/mailindx.c:1648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char draw[MAX_SCREEN_COLS*6+1], *p; data/alpine-2.24+dfsg1/alpine/mailindx.c:2959:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAX_SEARCH+50], new_string[MAX_SEARCH+1]; data/alpine-2.24+dfsg1/alpine/mailindx.c:2960:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_SCREEN_COLS+1], *p; data/alpine-2.24+dfsg1/alpine/mailindx.c:2962:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char search_string[MAX_SEARCH+1]; data/alpine-2.24+dfsg1/alpine/mailindx.c:3664:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title[GETTEXT_TITLELEN+1]; data/alpine-2.24+dfsg1/alpine/mailpart.c:300:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[50]; data/alpine-2.24+dfsg1/alpine/mailpart.c:301:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char description[1000]; data/alpine-2.24+dfsg1/alpine/mailpart.c:317:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buftmp[1000]; data/alpine-2.24+dfsg1/alpine/mailpart.c:734:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char last[64], tmp[64]; data/alpine-2.24+dfsg1/alpine/mailpart.c:1138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[MAXCOLORLEN+1]; data/alpine-2.24+dfsg1/alpine/mailpart.c:1303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[MAXPATH+1], full_filename[MAXPATH+1], data/alpine-2.24+dfsg1/alpine/mailpart.c:1366:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPATH], *tfp = NULL; data/alpine-2.24+dfsg1/alpine/mailpart.c:1371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt_buf[256]; data/alpine-2.24+dfsg1/alpine/mailpart.c:1454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *l_string, sbuf[256], *err; data/alpine-2.24+dfsg1/alpine/mailpart.c:1578:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfolder[MAILTMPLEN], *save_folder, *flags = NULL; data/alpine-2.24+dfsg1/alpine/mailpart.c:1579:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[64], nmsgs[80]; data/alpine-2.24+dfsg1/alpine/mailpart.c:1643:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfolder[MAILTMPLEN], *save_folder, data/alpine-2.24+dfsg1/alpine/mailpart.c:1738:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1], *err; data/alpine-2.24+dfsg1/alpine/mailpart.c:1816:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1], *err = NULL; data/alpine-2.24+dfsg1/alpine/mailpart.c:1909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[250]; data/alpine-2.24+dfsg1/alpine/mailpart.c:2002:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_path[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/mailpart.c:2076:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char msg_buf[128];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sender_filename[1000];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2170:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[70];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2171:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[32];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2172:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtype[128];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2245:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256];
data/alpine-2.24+dfsg1/alpine/mailpart.c:2348:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_buf[128];
data/alpine-2.24+dfsg1/alpine/mailpart.c:3319:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[100], *folded;
data/alpine-2.24+dfsg1/alpine/mailpart.c:3379:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buftmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/mailpart.c:4023:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pipe_command[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/mailpart.c:4375:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[8];
data/alpine-2.24+dfsg1/alpine/mailview.c:510:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/mailview.c:723:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[256], tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/mailview.c:874:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[128];
data/alpine-2.24+dfsg1/alpine/mailview.c:1492:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cmdp, *p, cmd[URL_MAX_LAUNCH + 4];
data/alpine-2.24+dfsg1/alpine/mailview.c:2050:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char folder[2*MAILTMPLEN], *group;
data/alpine-2.24+dfsg1/alpine/mailview.c:2094:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  && (article_num = atol(&group[group_len]))){
data/alpine-2.24+dfsg1/alpine/mailview.c:2122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char folder[MAILTMPLEN], *p;
data/alpine-2.24+dfsg1/alpine/mailview.c:2279:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, *hdrp, *hdrs[MLCMD_COUNT + 1],
data/alpine-2.24+dfsg1/alpine/mailview.c:2423:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitmap, sparms->keys.bitmap, sizeof(bitmap_t));
data/alpine-2.24+dfsg1/alpine/mailview.c:2569:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitmap, sparms->keys.bitmap, sizeof(bitmap_t));
data/alpine-2.24+dfsg1/alpine/mailview.c:3632:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[64];
data/alpine-2.24+dfsg1/alpine/mailview.c:3706:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[MAX_SEARCH+50], nsearch_string[MAX_SEARCH+1], *p;
data/alpine-2.24+dfsg1/alpine/mailview.c:3710:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char search_string[MAX_SEARCH+1];
data/alpine-2.24+dfsg1/alpine/mailview.c:3870:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[MAXCOLORLEN+1];
data/alpine-2.24+dfsg1/alpine/mailview.c:4606:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ngp, tmp[MAILTMPLEN+10];
data/alpine-2.24+dfsg1/alpine/mailview.c:4659:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ngp, tmp[MAILTMPLEN+10];
data/alpine-2.24+dfsg1/alpine/mailview.c:4727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ngp, *ngname, handle_str[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/mailview.c:4899:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/alpine/mailview.c:5086:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512], *msg_p[4];
data/alpine-2.24+dfsg1/alpine/mailview.c:5179:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title_buf[64];
data/alpine-2.24+dfsg1/alpine/mailview.c:5565:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[64];
data/alpine-2.24+dfsg1/alpine/newmail.c:135:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subject[MAILTMPLEN+1], subjtext[MAILTMPLEN+1], from[MAILTMPLEN+1],
data/alpine-2.24+dfsg1/alpine/newmail.c:259:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_SCREEN_COLS+1], buf2[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/newmail.c:260:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf3[MAX_SCREEN_COLS+1], buf4[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/newuser.c:125:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&keys[0], nuov_keymenu.keys,
data/alpine-2.24+dfsg1/alpine/osdep/chnge_pw.c:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd_buf[100];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[5];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:74:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfname[MAXPATH+1], filename[MAXPATH+1], *dfile = NULL;
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:103:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = open(filename, O_TRUNC|O_RDWR|O_CREAT, 0600)) >= 0)
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:107:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rev[128];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:155:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[5], crashfile[MAXPATH+1], filename[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:176:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cstr[256];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:217:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1025];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:317:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char b[64000];
data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:359:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quotes[3], tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/osdep/execview.c:391:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/alpine-2.24+dfsg1/alpine/osdep/fltrname.c:57:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char error[ERRORLEN];
data/alpine-2.24+dfsg1/alpine/osdep/fltrname.c:58:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ill_file[MAXPATH+1], *ill_char, *ptr, e2[20];
data/alpine-2.24+dfsg1/alpine/osdep/print.c:99:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[201], prompt[200];
data/alpine-2.24+dfsg1/alpine/osdep/print.c:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[100], wname[100];
data/alpine-2.24+dfsg1/alpine/osdep/print.c:471:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/alpine/osdep/print.c:523:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64000];
data/alpine-2.24+dfsg1/alpine/osdep/termin.gen.c:92:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char utf8buf[7];
data/alpine-2.24+dfsg1/alpine/osdep/termin.gen.c:1104:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char inputbuf[20];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:333:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PUTLINE_BUFLEN];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:354:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PUTLINE_BUFLEN];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:375:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PUTLINE_BUFLEN];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:397:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PUTLINE_BUFLEN];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:420:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PUTLINE_BUFLEN];
data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:519:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char cbuf[6];
data/alpine-2.24+dfsg1/alpine/osdep/termout.unx.c:774:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:200:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fontName[LF_FACESIZE+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:201:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fontSize[12];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:202:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fontStyle[64];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:203:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fontCharSet[256];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:204:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowPosition[32], windowPositionReg[32];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:205:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char foreColor[64], backColor[64];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:207:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cursorStyle[32];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:679:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tstrlist[2];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:962:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tcbuf[1024];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1282:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2*MAXPATH+1], *p;
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1285:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tcbuf[TCBUFLEN+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1318:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char srvbuf[MAXPATH+1], tuser[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1461:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tsrvr[4*MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1697:3: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR fn[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1730:3: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR lptstr_buf[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1804:3: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR lptstr_fn[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/pine-use.c:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100], buf[100], *p;
data/alpine-2.24+dfsg1/alpine/pine-use.c:60:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  core_id = atoi(argv[1]);
data/alpine-2.24+dfsg1/alpine/pine-use.c:66:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  core = fopen("pine-core-collect.sh", "w");
data/alpine-2.24+dfsg1/alpine/pine-use.c:109:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((f = fopen(filename, "r")) != NULL) {
data/alpine-2.24+dfsg1/alpine/pine-use.c:165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20480];
data/alpine-2.24+dfsg1/alpine/pine-use.c:169:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(buf, "r");
data/alpine-2.24+dfsg1/alpine/pipe.c:137:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[200];
data/alpine-2.24+dfsg1/alpine/print.c:578:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[100], wname[100];
data/alpine-2.24+dfsg1/alpine/print.c:713:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[81], sval[MAXPATH+1], name[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/print.c:918:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmt[80];
data/alpine-2.24+dfsg1/alpine/radio.c:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rep[WANT_TO_BUF], *p;
data/alpine-2.24+dfsg1/alpine/remote.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2000];
data/alpine-2.24+dfsg1/alpine/remote.c:264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATH], pinerc_dir[MAXPATH];
data/alpine-2.24+dfsg1/alpine/reply.c:755:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[80], *prompt_fodder;
data/alpine-2.24+dfsg1/alpine/reply.c:846:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/alpine-2.24+dfsg1/alpine/reply.c:938:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[80];
data/alpine-2.24+dfsg1/alpine/reply.c:1181:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/alpine-2.24+dfsg1/alpine/reply.c:2085:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sig_path[MAXPATH+1], errbuf[2000], *errstr = NULL;
data/alpine-2.24+dfsg1/alpine/reply.c:2277:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datebuf[200];
data/alpine-2.24+dfsg1/alpine/roleconf.c:283:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[100];
data/alpine-2.24+dfsg1/alpine/roleconf.c:469:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s, title[100], specific_fldr[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/roleconf.c:684:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[60];
data/alpine-2.24+dfsg1/alpine/roleconf.c:853:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/roleconf.c:961:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1029:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1030:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char add[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1085:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exitpmt[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1295:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[80];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1543:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[100];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1671:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1880:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MAXPATH+1], full_filename[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/roleconf.c:1881:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir2[MAXPATH+1], pdir[MAXPATH+1];
data/alpine-2.24+dfsg1/alpine/roleconf.c:2049:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[100];
data/alpine-2.24+dfsg1/alpine/roleconf.c:2563:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  {char tmp[MAXPATH+1]; \
data/alpine-2.24+dfsg1/alpine/roleconf.c:2632:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  {char tmp[MAXPATH+1]; \
data/alpine-2.24+dfsg1/alpine/roleconf.c:2791:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAXPATH+1], **apval, **lval, ***alval, *p;
data/alpine-2.24+dfsg1/alpine/roleconf.c:2794:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mstr[50]; data/alpine-2.24+dfsg1/alpine/roleconf.c:2907:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/alpine/roleconf.c:5356:37: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (*result)->patgrp->cat_lim = atol(cat_lim); data/alpine-2.24+dfsg1/alpine/roleconf.c:5718:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(score_act && (j = atoi(score_act)) >= SCORE_MIN && j <= SCORE_MAX) data/alpine-2.24+dfsg1/alpine/roleconf.c:5953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6006:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6184:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, *astr, *lc, pdir[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cur_fn, wt_res, prompt[MAX_SCREEN_COLS]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf1[MAX_SCREEN_COLS], nbuf2[MAX_SCREEN_COLS]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6451:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAILTMPLEN], nname[32]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nbuf1[MAX_SCREEN_COLS], nbuf2[MAX_SCREEN_COLS]; data/alpine-2.24+dfsg1/alpine/roleconf.c:6453:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAX_SCREEN_COLS]; data/alpine-2.24+dfsg1/alpine/roleconf.c:7124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *err, title[20], *newfile, *lc, *addr, *fldr = NULL, *tmpfldr; data/alpine-2.24+dfsg1/alpine/roleconf.c:7125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir2[MAXPATH+1], pdir[MAXPATH+1], *p; data/alpine-2.24+dfsg1/alpine/roleconf.c:7126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_filename[MAXPATH+1], filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/roleconf.c:7127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAXPATH+1], **spec_fldr, **apval; data/alpine-2.24+dfsg1/alpine/roleconf.c:7606:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[60]; data/alpine-2.24+dfsg1/alpine/rpdump.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10000]; data/alpine-2.24+dfsg1/alpine/rpdump.c:126:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(((fd = open(local, O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) data/alpine-2.24+dfsg1/alpine/rpdump.c:170:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(local, "w")) == NULL){ data/alpine-2.24+dfsg1/alpine/rpdump.c:555:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[100], *last, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/rpdump.c:803:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rep[1000], *p; data/alpine-2.24+dfsg1/alpine/rpload.c:143:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(local, "r")) == NULL){ data/alpine-2.24+dfsg1/alpine/rpload.c:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sequence[20]; data/alpine-2.24+dfsg1/alpine/rpload.c:441:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *trimsize = atoi(str); data/alpine-2.24+dfsg1/alpine/rpload.c:493:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20000]; data/alpine-2.24+dfsg1/alpine/rpload.c:559:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[20000], *sto, *p; data/alpine-2.24+dfsg1/alpine/rpload.c:643:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sequence[20]; data/alpine-2.24+dfsg1/alpine/rpload.c:663:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[200], vers[10]; data/alpine-2.24+dfsg1/alpine/rpload.c:794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[100], *last, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/send.c:287:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/send.c:324:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/alpine-2.24+dfsg1/alpine/send.c:325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letters[30]; data/alpine-2.24+dfsg1/alpine/send.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/send.c:1047:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **tobufp, *p, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/send.c:1127:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, _("FORWARD (as e-mail) to : ")); data/alpine-2.24+dfsg1/alpine/send.c:1332:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsn_string[30]; data/alpine-2.24+dfsg1/alpine/send.c:1597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char label[50]; data/alpine-2.24+dfsg1/alpine/send.c:1932:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[200], news_group[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/send.c:3151:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char folder[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/send.c:3153:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[50]; data/alpine-2.24+dfsg1/alpine/send.c:3238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], newfname[MAXPATH+1], nbuf[5]; data/alpine-2.24+dfsg1/alpine/send.c:3355:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uidbuf[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/alpine/send.c:3393:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curposbuf[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/send.c:3913:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[50]; data/alpine-2.24+dfsg1/alpine/send.c:4008:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[50]; data/alpine-2.24+dfsg1/alpine/send.c:4372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[MAILTMPLEN+1]; data/alpine-2.24+dfsg1/alpine/send.c:4512:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsn_string[30]; data/alpine-2.24+dfsg1/alpine/send.c:5177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cmd[MAXPATH+1], *fnp = NULL; data/alpine-2.24+dfsg1/alpine/send.c:5440:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN], *s; data/alpine-2.24+dfsg1/alpine/send.c:6368:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/send.c:6495:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/send.c:6565:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/send.c:6838:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/alpine/send.c:6931:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[100], answer[80]; data/alpine-2.24+dfsg1/alpine/setup.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXPATH+1], *pval, **lval; data/alpine-2.24+dfsg1/alpine/setup.c:619:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_inbox_path[2*MAXFOLDER+1]; data/alpine-2.24+dfsg1/alpine/setup.c:1057:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vbuf[100]; data/alpine-2.24+dfsg1/alpine/setup.c:1100:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fbuf[100]; data/alpine-2.24+dfsg1/alpine/setup.c:1125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, gbuf[100]; data/alpine-2.24+dfsg1/alpine/signal.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[100]; data/alpine-2.24+dfsg1/alpine/signal.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/alpine-2.24+dfsg1/alpine/signal.c:394:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c, *mbox, mboxbuf[20]; data/alpine-2.24+dfsg1/alpine/smime.c:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[500]; data/alpine-2.24+dfsg1/alpine/smime.c:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/alpine/smime.c:424:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iobuf[4096]; data/alpine-2.24+dfsg1/alpine/smime.c:484:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char space[256]; data/alpine-2.24+dfsg1/alpine/smime.c:490:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/alpine/smime.c:553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/alpine/smime.c:584:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_l[256]; data/alpine-2.24+dfsg1/alpine/smime.c:585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_r[256]; data/alpine-2.24+dfsg1/alpine/smime.c:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/smime.c:1112:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXPATH]; data/alpine-2.24+dfsg1/alpine/smime.c:1181:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ch[2]; data/alpine-2.24+dfsg1/alpine/smime.c:1280:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathdir[MAXPATH+1], filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/smime.c:1301:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename, ".crt"); data/alpine-2.24+dfsg1/alpine/smime.c:1337:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/smime.c:1338:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/smime.c:1339:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/alpine/smime.c:1513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/smime.c:1520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1]; data/alpine-2.24+dfsg1/alpine/smime.c:1570:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char u[MAILTMPLEN], *t; data/alpine-2.24+dfsg1/alpine/smime.c:1640:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/alpine/smime.c:1685:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char u[MAILTMPLEN], *t; data/alpine-2.24+dfsg1/alpine/status.c:93:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prevstatusbuf[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/status.c:571:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/alpine/status.c:868:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newstatusbuf[6*MAX_SCREEN_COLS + 1];
data/alpine-2.24+dfsg1/alpine/status.c:1281:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edit_buf[MAX_NICKNAME + 1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:292:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_fullname[6*MAX_FULLNAME + 1], new_address[6*MAX_ADDRESS + 1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:306:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old_fullname[6*MAX_FULLNAME + 1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:420:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:432:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:460:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_nickname[6*MAX_NICKNAME + 1], exist_nick[6*MAX_NICKNAME + 1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:461:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[200], **p;
data/alpine-2.24+dfsg1/alpine/takeaddr.c:952:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbook[MAX_ABOOK + 1],
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1020:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char capcmd[50];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1194:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[40];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1557:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char last[MAX_SEARCH+1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1722:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[6*MAX_SCREEN_COLS + 30];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1723:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[6*MAX_SCREEN_COLS + 30];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2043:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[200];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2077:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warn[2][MAX_NICKNAME+1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2078:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[OURTMPBUFLEN];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2197:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char abuf[MAX_ADDRESS + 1];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2418:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char capcmd[CAPCMDLEN];
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3154:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/alpine/titlebar.c:423:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[50], fold_tmp[6*MAXPATH+1], *titlebar_line,
data/alpine-2.24+dfsg1/alpine/titlebar.c:920:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/alpine-2.24+dfsg1/alpine/titlebar.c:1099:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/alpine-2.24+dfsg1/alpine/titlebar.c:1144:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char percent[4];
data/alpine-2.24+dfsg1/alpine/titlebar.h:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char titlebar_line[6*MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:181:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[1024];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reply[1024];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:190:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), _("Please select the client-id to use from the following list.\n\n"));
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:192:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), " %d) %.70s\n", i+1, xinfo[i]->client_id);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:202:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sel = atoi(reply) - 1;
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:211:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:606:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024], tmp2[16];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:608:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp2, "%d", key);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:788:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAXPATH+1], *pval, **lval, ***alval;
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:945:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  {char service[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:946:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:984:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char question[MAILTMPLEN];
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:995:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  key = atoi(varlist[i]->dname); /* this hack avoids we rebuild varlist again */
data/alpine-2.24+dfsg1/imap/src/ansilib/memmove.c:38:3: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy (ct,s,n); /* they should have this one */
data/alpine-2.24+dfsg1/imap/src/ansilib/memmove2.c:43:61: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ((dest > src) && ((src + n) < dest))) return (void *) memcpy (s,ct,n);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:115:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ports[10];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:119:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ports, "%lu", port);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:137:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:207:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp,resp.value,4);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:368:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (resp.value = tmp,(void *) &maxsize,resp.length = 4);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:378:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp,chal.value,chal.length) &&
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:39:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MD5BLKLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:116:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[128];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:117:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen,
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:155:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN],hshbuf[2*MD5DIGLEN + 1];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:196:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open (MD5ENABLE,O_RDONLY,NIL);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:241:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*authuser,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:242:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5DIGLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:251:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%.128s%.128s",chal,s);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:291:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5DIGLEN],k_ipad[MD5BLKLEN+1],k_opad[MD5BLKLEN+1];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:299:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (k_ipad,key,kl); /* store key in pads */
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (k_opad,k_ipad,MD5BLKLEN+1);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:379:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ctx->ptr,data,i); /* fill up 64 byte chunk */
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:383:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ctx->ptr,data,len); /* copy final bit of data in buffer */
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ubuf[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c:84:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ubuf, sep + 1, ulen);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c:86:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ubuf + ulen + 1, user, dlen);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:856:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), "%c", *t);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:858:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), "%%%X", *t);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:873:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), "%c", '+');
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:876:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), "%c", *t);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:878:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s + strlen(s), "%%%X", *t);
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:904:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mb->service, "http");
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:1098:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char length[20];
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:1100:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(length, "%lu", strlen(req->body));
data/alpine-2.24+dfsg1/imap/src/c-client/http.c:1190:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atol(stream->header->content_length->p->vp->value);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:109:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[IMAPTMPLEN]; /* temporary buffer */
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:511:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:543:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,prefix[MAILTMPLEN],mbx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:693:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbx[MAILTMPLEN],mbx2[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:739:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:759:30: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (flags & SA_MESSAGES) strcat (tmp," MESSAGES");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:760:28: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (flags & SA_RECENT) strcat (tmp," RECENT");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:761:28: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (flags & SA_UNSEEN) strcat (tmp," UNSEEN");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:762:29: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (flags & SA_UIDNEXT) strcat (tmp," UIDNEXT");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:763:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (flags & SA_UIDVALIDITY) strcat (tmp," UIDVALIDITY");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:822:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN],usr[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1005:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp),":%lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1006:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"/imap");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1007:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tlsflag) strcat (tmp,"/starttls");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1008:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1) strcat (tmp,"/tls1");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1009:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_1) strcat (tmp,"/tls1_1");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1010:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_2) strcat (tmp,"/tls1_2");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1011:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_3) strcat (tmp,"/tls1_3");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1012:27: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1013:27: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->notlsflag) strcat (tmp,"/nostarttls");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1014:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->sslflag) strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1015:28: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
if (LOCAL->novalidate) strcat (tmp,"/novalidate-cert"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1016:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (LOCAL->loser) strcat (tmp,"/loser"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1017:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (stream->secure) strcat (tmp,"/secure"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1018:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (stream->rdonly) strcat (tmp,"/readonly"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1019:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (stream->anonymous) strcat (tmp,"/anonymous"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1063:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (tmp,"<no_mailbox>"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[2]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[16]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1132:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tag,"%08lx",0xffffffff & (stream->gensym++)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[16]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1205:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tag,"%08lx",0xffffffff & (stream->gensym++)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1249:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can not authenticate to IMAP server: %.80s",lsterr); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1255:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(!uasaved) sprintf (tmp,"Client does not support AUTH=%.80s authenticator",mb->auth); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1256:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if (!atsaved) sprintf (tmp,"IMAP server does not support AUTH=%.80s authenticator",mb->auth); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1328:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1341:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"IMAP SERVER BUG (invalid challenge): %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1495:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu,%lu",last,i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1496:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
else sprintf (t,",%lu",i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1506:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%lu",start = last = i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1512:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu",last); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1547:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,seq[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1564:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = seq,"%lu",msgno);/* initial sequence */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1623:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s += strlen (s),",%lu",i++); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1627:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s += strlen (s),",%lu:%lu",i,x); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1641:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s += strlen (s),",%lu",i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1651:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,",%lu",i); /* append message */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1656:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i != --j) sprintf (s + strlen (s),":%lu",i = j); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1670:51: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (!elt->private.uid && LEVELIMAP4 (stream)) strcpy (tmp," UID"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1674:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp," ENVELOPE"); /* yes, get it and possible extra poop */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1686:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (!elt->day) strcat (tmp," INTERNALDATE"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1687:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. if (!elt->rfc822_size) strcat (tmp," RFC822.SIZE"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1690:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp," FLAGS)"); /* always get current flags */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1738:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,tmp[MAILTMPLEN],partial[40],seq[40]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1747:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (seq,"%lu:%lu",msgno, data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1782:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (first || last) sprintf (partial,"<%lu.%lu>",first,last ? last:-1); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1813:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmp+(t-section),".0"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1888:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
text.data = memcpy (fs_get (text.size+1), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1963:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. text.data = memcpy (fs_get (text.size+1),elt->private.msg.text.text.data, data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1982:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,seq[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1991:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (seq,"%lu",msgno); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1997:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,",%lu",i); /* append message */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2002:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i != --j) sprintf (s + strlen (s),":%lu",i = j); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2022:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2040:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (seq,"%lu",uid); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2198:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%lu",j = i);/* output message number */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2206:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,":%lu",i); /* output delimiter and end of range */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2330:27: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu,%lu",last,i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2331:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (t,",%lu",i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2341:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%lu",start = last = i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2347:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu",last); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2515:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s,"%lu",mail_uid (stream,j = i)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2520:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,":%lu",mail_uid (stream,i)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2595:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2668:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access referral server: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2714:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2959:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2982:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmp,"ID value not found for name %.80s, at %.80s", ret->name, s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2989:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"ID name \"%.80s\" has no value", ret->name); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3103:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*t,tag[10]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3106:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tag,"%08lx",0xffffffff & (stream->gensym++)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3126:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%lu",(unsigned long) arg->text); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3263:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datetmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3308:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s," %lu",list->text.size); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3388:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s,"{%lu}",i); /* write literal count */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3440:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t, s[MAILTMPLEN+1], u[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3499:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%d/%d/%d", BASEYEAR + (date >> 9), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3506:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%d/%d/%d", BASEYEAR + (date >> 9), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3513:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%d/%d/%d", BASEYEAR + (date >> 9), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3520:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%d/%d/%d", BASEYEAR + (date >> 9), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3526:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(v, "%dd", pgm->older/86400); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3531:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%dd", pgm->younger/86400); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3628:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (t,"%lu",j = i);/* output message number */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3636:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (t,":%lu",i); /* output delimiter and end of range */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3688:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s," LARGER %lu",pgm->larger); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3692:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s," SMALLER %lu",pgm->smaller); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3725:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s," OLDER %lu",pgm->older); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3729:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (*s," YOUNGER %lu",pgm->younger); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3854:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s,"%lu",set->first); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3862:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (*s,"%lu",set->last); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3869:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (start," OR",3); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3989:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unexpected tagged response: %.80s %.80s %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4030:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Missing IMAP reply key: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4091:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"IMAP protocol error: %.80s",(char *) reply->text); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4094:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
else sprintf (LOCAL->tmp,"Unexpected IMAP response: %.80s %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4116:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unexpected untagged message: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4163:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Bogus date: %.80s",(char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4191:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Body received for %lu but current is %lu", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4220:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unterminated section: %.80s",md.what); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4223:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Bogus header field list: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4226:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unterminated header section: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4236:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unterminated partial data: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4240:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Junk after section: %.80s",(char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4261:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unknown body message property: %.80s",prop); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4292:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unknown RFC822 message property: %.80s",prop); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4298:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Unknown message property: %.80s",prop); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4305:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Missing data for property: %.80s",prop); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4314:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->tmp,"Unknown message data: %lu %.80s",msgno,(char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4327:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Too many server flags, discarding: %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4357:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). do if ((i = atol (t)) && (LOCAL->filter ? data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4374:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Junk at end of thread: %.80s",(char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4484:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Junk after namespace list: %.80s",(char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4507:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Invalid ACL identifier/rights for %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4535:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->tmp,"Invalid optional LISTRIGHTS for %.80s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4549:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Missing LISTRIGHTS rights for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4556:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Missing LISTRIGHTS identifier for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4569:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Junk after MYRIGHTS for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4577:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Missing MYRIGHTS for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4588:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Bad quota resource list for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4631:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->tmp,"Bad quota root list for %.80s",(char *) t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4675:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Unexpected untagged message: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4826:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Missing delimiter in namespace: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4851:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4862:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Missing values for namespace attribute %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4871:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of namespace: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4883:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not a namespace: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4935:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4936:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bogus thread member: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5033:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of envelope: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5045:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not an envelope: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5073:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of address list: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5086:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not an address: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5122:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of address: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5153:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk in start of group: pn=%.80s al=%.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5179:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not an address: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5295:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not an atom: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5342:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Invalid CHAR in quoted string: %x",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5381:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Invalid server literal length %.80s",*txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5388:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Absurd server literal length %lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5425:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Not a string: %c%.80s",c,(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5446:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5487:61: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  for (t = seg; *t && !((*t == '.') && (isalpha(t[1]) || !atol (t+1))); t++);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5490:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown section number: %.80s",seg);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5520:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown section specifier: %.80s.%.80s",seg,t);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5591:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of multipart body: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5694:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of body part: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5708:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Bogus body structure: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5743:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Missing value for parameter %.80s",par->attribute);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5760:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of parameter: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5771:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Bogus body parameter: %c%.80s",c,
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5797:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Junk at end of disposition: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5811:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Unknown body disposition: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5862:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Bogus string list member: %.80s",(char *) t);
data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5919:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->tmp,"Unknown extension token: %.80s",(char *) *txtptr);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:309:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:310:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"c-client library version skew, app=%.100s library=%.100s",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:369:61: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (stream && stream->dtb && (stream != ((*stream->dtb->open) (NIL))))
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:725:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:795:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,*t,*v,tmp[MAILTMPLEN],arg[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:905:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mb->service,"imap");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:907:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mb->service,"pop3");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:916:22: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (!*mb->mailbox) strcpy (mb->mailbox,"INBOX");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:936:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:937:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LIST reference specification: %.80s",ref);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:942:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:943:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LIST pattern specification: %.80s",pat);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:971:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:972:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LIST reference specification: %.80s",ref);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:977:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:978:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LIST pattern specification: %.80s",pat);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1004:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1005:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LSUB reference specification: %.80s",ref);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1010:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1011:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid LSUB pattern specification: %.80s",pat);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1064:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1103:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox %.80s: bad driver syntax",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1110:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox %.80s: unknown driver",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1122:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox %.80s: indeterminate format",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1160:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1170:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename %.80s: mailbox %.80s already exists",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1272:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1300:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"{%.255s",mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1301:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (mb.port) sprintf (tmp + strlen (tmp),":%lu",mb.port);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1302:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=%.64s",mb.user);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1303:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.dbgflag) strcat (tmp,"/debug");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1304:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.secflag) strcat (tmp,"/secure");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1305:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tlsflag) strcat (tmp,"/starttls");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1306:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  if (mb.notlsflag) strcat (tmp,"/notls");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1307:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.sslflag) strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1308:15: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1) strcat (tmp,"/tls1");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1309:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_1) strcat (tmp,"/tls1_1");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1310:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_2) strcat (tmp,"/tls1_2");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1311:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_3) strcat (tmp,"/tls1_3");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1312:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.trysslflag) strcat (tmp,"/tryssl");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1313:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1314:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"/pop3/loser}");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1328:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%.80s",name+8);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1332:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't resolve mailbox %.80s: bad driver syntax",name);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1337:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (d) return (*d->open) (NIL);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1338:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't resolve mailbox %.80s: unknown driver",name);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1362:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1364:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (options & OP_PROTOTYPE) return (*d->open) (NIL);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1386:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Closing connection to %.80s",mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1425:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return ((*d->open) (stream)) ? stream : mail_close (stream);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1522:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1523:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad msgno %lu in mail_elt, nmsgs = %lu, mbx=%.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1664:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  hdr = (char *) memcpy (fs_get ((size_t) hdrsize+1),s,(size_t) hdrsize);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1702:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sequence[20];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1720:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sequence,"%lu",elt->msgno);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1769:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  s = (char *) memcpy (fs_get ((size_t) i),u,(size_t) i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1776:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1777:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Calculated RFC822.SIZE (%lu) != reported size (%lu)",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1781:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (t->data,s,(size_t) i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1783:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (u,bs.curpos,bs.cursize);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1818:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1844:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy (tmp,"HEADER");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1907:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1928:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tmp,"TEXT");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1964:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2028:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2042:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ht.data = (unsigned char *) mail_fetch_header (stream,msgno,
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2124:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"TEXT");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2253:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&md->stream->private.string,bs,sizeof (STRING));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2277:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer,s->curpos,i = min (s->cursize,size));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2366:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (t = tmp,"%.256s@%.256s",adr->mailbox,adr->host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2367:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s,t,(size_t) min (length,(long) strlen (t)));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2508:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*f,tmp[MAILTMPLEN],flags[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2529:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",n);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2535:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (flags," \\Seen");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2536:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (flags," \\Flagged");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2537:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->answered) strcat (flags," \\Answered");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2538:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->draft) strcat (flags," \\Draft");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2560:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2682:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2698:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't append to mailbox %.80s: bad driver syntax",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2704:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't append to mailbox %.80s: unknown driver",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2950:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3225:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3227:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox has more messages (%lu) exist than maximum (%lu)",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3251:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Non-existent recent message(s) %lu, nmsgs=%lu",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3268:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Expunge of non-existent message %lu, nmsgs=%lu",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3303:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Lock when already locked, mbx=%.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3467:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*e,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3527:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3581:26: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i == elt->msgno) sprintf (tmp,"%lu",elt->msgno);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3582:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"%lu:%lu",elt->msgno,i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3828:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,sect[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3989:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[SENDBUFLEN + 1];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4011:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (txt.data + txt.size,tmp,k);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4043:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN+SEARCHSLOP+1];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *criterion,*r,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4164:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unknown search criterion: %.30s",criterion);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4400:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,*v,*x,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4423:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4434:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4466:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4983:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5009:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",mail_uid (stream,s->num));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5011:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp),":%lu",mail_uid (stream,sc[j]->num));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5036:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",s->num);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5545:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,*n,*s,tmp[MAILTMPLEN],msg[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5569:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. sprintf (msg,"Unsupported system flag: %.80s",t);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5590:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (msg,"Invalid flag: %.80s",t);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5602:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (*t) sprintf (msg,"Unknown flag: %.80s",t);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5603:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (msg,"Empty flag invalid");
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:6276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:6283:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid host name: %.80s",mb->host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:6331:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((tstream = (*dv->open) (host,service,port | flags)) != NULL){
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:700:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[NETMAXHOST]; /* host name (may be canonicalized) */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:701:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orighost[NETMAXHOST]; /* host name before canonicalization */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:702:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[NETMAXUSER]; /* user name */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:703:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth[NETMAXAUTH]; /* authenticator name (PLAIN, etc.) */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:704:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char authuser[NETMAXUSER]; /* authentication user name */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:705:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mailbox[NETMAXMBX]; /* mailbox name */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[NETMAXSRV]; /* service name */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:1190:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *user_flags[NUSERFLAGS]; /* pointers to user flags in bit order */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:1265:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void *(*open) (char *host,char *service,unsigned long port);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:1540:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
MAILSTREAM *(*open) (MAILSTREAM *stream);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.h:1983:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *host[OAUTH2_TOT_EQUIV]; /* servers for which this data applies */
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:90:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst->data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst->data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:214:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask[256];
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:215:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alphatab[256] = {
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:264:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char mask[256];
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:61:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). FILE *f = tmpfile ();
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:63:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:64:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen (tmp,"wb+")) != NULL) unlink (tmp);
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:66:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:91:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file at byte %lu",*size);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:83:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen (newsrc,"wb");
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:132:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(j == k) sprintf (tmp, "%c%ld",c,j);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:133:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp, "%c%ld-%ld",c,j,k);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:141:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
if(j == k) sprintf (tmp, "%c%ld",c,j);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:142:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"%c%ld-%ld",c,j,k);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*lcl,name[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:161:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:198:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen (newsrc,"r+b");
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,nl[3];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:264:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:298:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bogus character 0x%x in news state",(unsigned int)c);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:315:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"No state for newsgroup %.80s found, reading as new",group);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:329:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"[UNSEEN] %lu is first unseen message in %.80s",unseen,group);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN],backup[MAILTMPLEN],nl[3];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:349:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen (newsrc,"rb")) != NULL) {/* have existing newsrc file? */
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:350:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:381:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!(bf = fopen (backup,"rb")))
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:385:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!(f = fopen (newsrc,"wb"))) {
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:458:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:483:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"No state for newsgroup %.80s found",group);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:322:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*lcl,pattern[MAILTMPLEN],name[MAILTMPLEN],wildmat[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:448:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:461:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:513:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*name,*state,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:545:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"NNTP SERVER BUG (impossible message count): %lu > %lu",
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:570:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (((k = atol (s)) >= i) && (k < status.uidnext)) {
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:626:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu-%lu",first,last);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:651:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*mbx,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:688:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *hostlist[2];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:691:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp),":%lu",mb.port ? mb.port : nntp_port);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:692:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tlsflag) strcat (tmp,"/starttls");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:693:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tlssslv23) strcat (tmp,"/tls-sslv23");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:694:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.notlsflag) strcat (tmp,"/nostarttls");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:695:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.sslflag) strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:696:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1) strcat (tmp,"/tls1");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:697:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_1) strcat (tmp,"/tls1_1");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:698:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_2) strcat (tmp,"/tls1_2");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:699:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_3) strcat (tmp,"/tls1_3");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:700:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:701:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.loser) strcat (tmp,"/loser");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:702:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.secflag) strcat (tmp,"/secure");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:723:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"NNTP SERVER BUG (impossible message count): %lu > %lu",
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:765:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tlsflag) strcat (tmp,"/starttls");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:766:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:767:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->notlsflag) strcat (tmp,"/nostarttls");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:768:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->sslflag) strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:769:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1) strcat (tmp,"/tls1");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:770:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_1) strcat (tmp,"/tls1_1");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:771:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_2) strcat (tmp,"/tls1_2");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:772:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->tls1_3) strcat (tmp,"/tls1_3");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:773:26: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->novalidate) strcat (tmp,"/novalidate-cert");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:774:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (LOCAL->nntpstream->loser) strcat (tmp,"/loser");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:775:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (stream->secure) strcat (tmp,"/secure");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:776:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (stream->rdonly) strcat (tmp,"/readonly");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:778:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (stream->halfopen) strcat (tmp,"}<no_mailbox>");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:799:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((k = atol (s)) > j){/* discard too high article numbers */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:800:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"NNTP SERVER BUG (out of range article ID): %lu > %lu",
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:931:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,*t,*v,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:943:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(i == (j - 1)) sprintf (tmp, "%lu", mail_uid (stream,i));
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:944:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp, "%lu-%lu",mail_uid (stream,i), mail_uid (stream,j - 1));
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:955:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((uid = atol (s)) && (k = mail_msgno (stream,uid)) &&
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:962:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Server returned data for unknown UID %lu",uid);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:986:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to parse overview for UID %lu: %.500s",uid,s);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1082:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ov->optional.octets = atol (t);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1086:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ov->optional.lines = atol (++t);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1110:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1117:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu",mail_uid (stream,msgno));
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1158:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1170:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu",elt->private.uid);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1503:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,*t,*v,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1529:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  if (start != last) sprintf (tmp,"%lu-%lu",start,last);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1530:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"%lu",start);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1538:35: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((i = mail_msgno (stream,atol (s))) &&
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1555:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  r->size = atol (++v);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1685:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1691:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"{%.200s/%.20s}",*hostlist,service ? service : "nntp");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1693:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid host specifier: %.80s",*hostlist);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1748:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to negotiate TLS with this server: %.80s",mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1912:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,path[MAILTMPLEN],tmp[SENDBUFLEN+1];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1956:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected NNTP posting reply code %ld",ret);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2006:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (s,"\015\012");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2024:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2026:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"{%.200s/nntp",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2032:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2033:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"}<none>");
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2049:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],usr[MAILTMPLEN], *pwd2 = NIL, *base;
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2096:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can not authenticate to NNTP server: %.80s",lsterr);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2152:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2158:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"NNTP SERVER BUG (invalid challenge): %.80s",stream->reply+4);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2210:30: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return stream->replycode = atol (stream->reply);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rv[37];
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:37:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:38:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:40:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:41:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:43:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:44:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:46:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:47:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:49:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:175:54: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case JString: oauth2->devicecode.expires_in = atoi((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:183:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case JString: oauth2->devicecode.interval = atoi((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:221:55: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case JString: oauth2->expiration = time(0) + atol((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:229:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  default : { char tmp[100];
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:230:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "Oauth2 client Received Code %d", status);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:279:50: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case JString: oauth2->expiration = time(0) + atol((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:287:42: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oauth2->expiration = time(0) + atol((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:295:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  default : { char tmp[100];
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:296:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "Oauth2 Client Received Code %d", status);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:357:50: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case JString: oauth2->expiration = time(0) + atol((char *) jx->value);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:368:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  default : { char tmp[100];
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:369:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "Oauth device Received Code %d", status);
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:428:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:229:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:245:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:248:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (strchr (strcpy (tmp,ref),'}')+1,"INBOX");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:253:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (strchr (strcpy (tmp,pat),'}')+1,"INBOX");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:267:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:383:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN],usr[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:420:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"{%.200s:%lu/pop3",
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:424:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tlsflag) strcat (tmp,"/starttls");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:425:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tlssslv23) strcat (tmp,"/tls-sslv23");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:426:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1) strcat (tmp,"/tls1");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:427:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_1) strcat (tmp,"/tls1_1");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:428:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_2) strcat (tmp,"/tls1_2");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:429:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.tls1_3) strcat (tmp,"/tls1_3");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:430:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.notlsflag) strcat (tmp,"/nostarttls");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:431:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.sslflag) strcat (tmp,"/ssl");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:432:26: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:433:43: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ((LOCAL->loser = mb.loser) != 0) strcat (tmp,"/loser");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:434:27: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (stream->secure) strcat (tmp,"/secure");
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:521:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ((s && !compare_cstring (s,"USER")) ? -atoi (args) : atoi (args));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:521:57: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ((s && !compare_cstring (s,"USER")) ? -atoi (args) : atoi (args));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:532:3: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  -atoi (args) : atoi (args);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:532:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  -atoi (args) : atoi (args);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:627:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (pwd,"Retrying using %.80s authentication after %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:664:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (pwd,"Can not authenticate to POP3 server: %.80s",t);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:670:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(!authsaved) sprintf (pwd,"Client does not support AUTH=%.80s authenticator",mb->auth);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:671:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!atsaved) sprintf (pwd,"POP server does not support AUTH=%.80s authenticator",mb->auth);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:724:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:731:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"POP3 SERVER BUG (invalid challenge): %.80s",LOCAL->reply);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:869:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:878:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"TOP %lu 0",mail_uid (stream,msgno));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:984:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1010:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Expunged %lu messages",n);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1063:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1064:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu",mail_uid (stream,n));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1087:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (s,"\015\012");
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:66:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *body_types[TYPEMAX+1] = {
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:72:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *body_encodings[ENCMAX+1] = {
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:608:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:670:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"MIME type table overflow: %.100s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:679:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown MIME type: %.100s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:711:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"MIME encoding table overflow: %.100s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:720:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown MIME transfer encoding: %.100s",s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:740:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:766:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Missing parameter value: %.80s",param->attribute);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:774:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected characters at end of parameters: %.80s",text);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:788:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:828:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (!*string) strcpy (tmp,"Missing address after comma");
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:829:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"Invalid mailbox list: %.80s",string);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:880:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:916:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected characters after address in group: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:927:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid group mailbox list: %.80s",*string);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1008:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1036:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unterminated at-domain-list: %.80s%.80s",adl,t);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1054:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unterminated mailbox: %.80s@%.80s",adr->mailbox,
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1373:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1396:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unterminated comment: %.80s",*s);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1438:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf->cur,string,i);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1793:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1794:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1861:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1862:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1909:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cookie,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1917:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (cookie = tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1960:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1964:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char decode[256] = {
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2025:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Possible data truncation in rfc822_base64(): %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2107:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2144:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid quoted-printable sequence: =%.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2409:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[SENDBUFLEN+1]; /* client to give us a big enough one */
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2430:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[SENDBUFLEN+1];
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,db[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:44:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen (db,"r")) != NULL) { /* make sure not already there */
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:48:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Already subscribed to mailbox %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:56:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen (db,"a"))) { /* append new entry */
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN],old[MAILTMPLEN],newname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:78:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen (old,"r"))) /* open subscription database */
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:80:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (!(tf = fopen (newname,"w"))) {
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:94:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not subscribed to mailbox %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/smanager.c:116:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen (sbname,"r")) != NULL) *sdb = (void *) f;
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:147:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:153:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"{%.1000s}",*hostlist);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:156:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid host specifier: %.80s",*hostlist);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:166:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mb.service,"submission");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:188:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"SMTP greeting failure: %.80s",stream->reply);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:195:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"SMTP hello failure: %.80s",stream->reply);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:213:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to negotiate TLS with this server: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:223:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"SMTP EHLO failure after STARTTLS: %.80s",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:231:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"TLS unavailable with this server: %.80s",mb.host);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:286:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char usr[MAILTMPLEN], *base;
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:343:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can not authenticate to SMTP server: %.80s",lsterr);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:349:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(!authsaved) sprintf (tmp, "Client does not support AUTH=%.80s authenticator",mb->auth);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:350:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!atsaved) sprintf (tmp,"SMTP server does not support AUTH=%.80s authenticator",mb->auth);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:364:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:370:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"SMTP SERVER BUG (invalid challenge, continuing): %.80s",stream->reply+4);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:440:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[SENDBUFLEN+1], smtpserver[SENDBUFLEN+1], *error_string;
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:474:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tmp,"FROM:<"); /* compose "MAIL FROM:<return-path>" */
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:493:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp," BODY=8BITMIME");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:497:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp)," ENVID=%.100s",ESMTP.dsn.envid);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:575:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[2*MAILTMPLEN],orcpt[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:597:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tmp,"TO:<"); /* compose "RCPT TO:<return-path>" */
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:608:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp," NOTIFY=");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:610:34: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (ESMTP.dsn.notify.failure) strcat (s,"FAILURE,");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:611:32: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (ESMTP.dsn.notify.delay) strcat (s,"DELAY,");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:612:34: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (ESMTP.dsn.notify.success) strcat (s,"SUCCESS,");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:615:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  else strcat (tmp,"NEVER");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:617:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (orcpt,"%.498s;%.498s",
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:620:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp)," ORCPT=%.500s",orcpt);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:656:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (s,"\015\012");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:684:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  reply = atol (stream->reply);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:703:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*r,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:709:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"\015\012");
data/alpine-2.24+dfsg1/imap/src/c-client/sslio.h:32:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SSLSTREAM *(*open) (char *host,char *service,unsigned long port);
data/alpine-2.24+dfsg1/imap/src/c-client/sslio.h:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char obuf[SSLBUFLEN]; /* output buffer */ data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c:2270:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mark[6] = {0x00,0xc0,0xe0,0xf0,0xf8,0xfc}; data/alpine-2.24+dfsg1/imap/src/c-client/utf8aux.c:145:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst->data = (unsigned char *) fs_get (dsize),src->data, data/alpine-2.24+dfsg1/imap/src/charset/widths.c:39:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ucs4_widthtab[32768] = { data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:77:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chunk[CHUNKLEN]; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:161:65: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (s[2] && ((s[2] == '-') || isdigit (s[2]))) precedence = atol (s + 2); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:163:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). precedence = atol (s); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:171:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). else if (!(f = tmpfile ())) _exit(fail ("can't make temp file",EX_TEMPFAIL)); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*mailbox,tmp[MAILTMPLEN],path[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:236:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"delivering to %.80s+%.80s",user,mailbox ? mailbox : "INBOX"); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:250:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"invalid mailbox name %.80s+%.80s",user,mailbox); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:271:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (s = strstr (path,"&&&&&")) && strcpy (s,"INBOX") && data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:304:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"attempting to create mailbox %.80s path %.80s",mailbox,path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:308:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"created %.80s",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:338:39: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (s = strstr (path,"&&&&&")) && strcpy (s,"INBOX")) ? T : NIL; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:365:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"WARNING: directory %.80s is listable",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:371:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: multiple links to file %.80s",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:375:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: file %.80s is executable",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:380:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: file %.80s is publicly-writable",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:384:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: file %.80s is publicly-readable",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:396:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (flagseen) sprintf (flags = tmp,"\\Seen %.1000s",keywords); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:402:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"message delivery failed to %.80s",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:406:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"delivered to %.80s",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:422:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Verifying safe delivery to %.80s",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:425:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"delivery to %.80s unsafe: ",path); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:433:34: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (sbuf->st_mode & S_ISUID) strcat (tmp,"setuid file"); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:435:39: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else if (sbuf->st_mode & S_ISGID) strcat (tmp,"setgid file"); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:438:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFCHR: strcat (tmp,"character special"); break; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:439:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. case S_IFBLK: strcat (tmp,"block special"); break; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:440:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFLNK: strcat (tmp,"symbolic link"); break; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:441:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFSOCK: strcat (tmp,"socket"); break; data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:443:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type); data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:246:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char cmdbuf[CMDLEN]; /* command buffer */ data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:261:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *litstk[LITSTKLEN]; /* stack to hold literals */ data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:304:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *s,*t,*u,*v,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:333:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proxy[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:334:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *nntp = fopen (NNTPFILE,"r"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:672:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmp,"\\Answered \\Flagged \\Deleted \\Draft \\Seen"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1067:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"{%.300s/nntp}%.300s",nntpproxy,(char *) s+6); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1235:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," MESSAGES %lu",stream->nmsgs); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1237:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," RECENT %lu",stream->recent); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1241:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," UNSEEN %lu",unseen); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1244:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," UIDNEXT %lu",stream->uid_last+1); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1246:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu", data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1249:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp,")\015\012"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1255:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"{%.300s/nntp}%.300s",nntpproxy,(char *) s+6); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1415:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"* OK Timeout in %lu minutes\015\012", data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1421:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"* %lu EXISTS\015\012* %lu RECENT\015\012", data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1443:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"* %lu EXPUNGE\015\012",donefake--); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1446:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"* %lu EXISTS\015\012* %lu RECENT\015\012", data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1528:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"[%.80sUID %lu ",(char *) data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1599:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1669:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"1:%lu",nmsgs); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1718:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). !(alf = fopen (file,"r"))) return oldtime; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,buf[8*MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1938:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (buf,O_WRONLY | O_CREAT | O_TRUNC,0666)) >= 0) { data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2007:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stack[256]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2101:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msg[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2247:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char base64mask[256] = { data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2330:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cur->text.data,t,i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2704:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((*string)->text.data,s,i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2756:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE ENVELOPE)"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2758:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE ENVELOPE BODY)"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2759:32: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
else if (!strcmp (t,"FAST")) strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE)"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3120:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (cst.data) memcpy ((void *) &st,(void *) &cst,sizeof (SIZEDTEXT)); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3141:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (st.size) sprintf (tmp + strlen (tmp),"{%lu}\015\012",st.size); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3142:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else strcat (tmp,"\"\""); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3214:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (tmp,"BODY[TEXT]"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fs_get (st->size + 1),st->data,st->size); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3272:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3276:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3333:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3372:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. hdr.data = (unsigned char *) memcpy (fs_get (hdr.size),s,hdr.size); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3412:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3504:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pstring ((char *) body_types[body->type]); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3514:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pstring ((char *) body_encodings[body->encoding]); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3573:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pstring ((char *) body_types[body->type]); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3583:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pstring ((char *) body_encodings[body->encoding]); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3678:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3845:32: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (ta->first || ta->last) sprintf (id + strlen (id),"<%lu>",ta->first); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4044:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (pattern,"Invalid reference specification: %.80s",ref); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4049:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (pattern,"Invalid pattern specification: %.80s",pat); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4054:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (pattern,"{%.300s/nntp}",nntpproxy); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4082:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *t,resp[RESPBUFLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4159:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Cross-format (%.80s -> %.80s) COPY completed", data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4190:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",md->msgno); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4195:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (s," \\Seen"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4196:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->deleted) strcat (s," \\Deleted"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4197:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (s," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4198:26: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. if (elt->answered) strcat (s," \\Answered"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4199:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->draft) strcat (s," \\Draft"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4438:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," MESSAGES %lu",status->messages); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4440:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," RECENT %lu",status->recent); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4442:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp)," UNSEEN %lu",status->unseen); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4444:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp + strlen (tmp)," UIDNEXT %lu",status->uidnext); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4446:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",status->uidvalidity); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4478:42: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_NOINFERIORS) strcat (tmp," \\NoInferiors"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4479:39: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_NOSELECT) strcat (tmp," \\NoSelect"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4480:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_MARKED) strcat (tmp," \\Marked"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4481:39: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_UNMARKED) strcat (tmp," \\UnMarked"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4482:42: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_HASCHILDREN) strcat (tmp," \\HasChildren"); data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4483:44: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (attributes & LATT_HASNOCHILDREN) strcat (tmp," \\HasNoChildren"); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[MAILTMPLEN]; /* space for status string */ data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[TMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:128:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (logout = cmdbuf,"%.80s while reading line",e); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[TMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:314:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"{%.128s/user=%.128s}INBOX",u,user); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:359:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"1:%lu",j); /* fetch fast information for all messages */ data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[TMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:458:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",msg[current++]); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[TMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:477:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",msg[current]); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:617:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:620:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (logout = tmp,"Mailbox closed (%.80s)",string); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:72:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char challenge[128]; /* challenge */ data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:110:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:132:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (challenge,"<%lx.%lx@%.64s>",(unsigned long) getpid (), data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:169:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (logout = tmp,"%.80s, while reading line",e); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:316:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"+OK %lu %lu\015\012",j,k); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:323:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"+OK %lu %lu\015\012",i, data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:333:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu %lu\015\012",i, data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:345:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"+OK %lu %08lx%08lx\015\012",i,stream->uid_validity, data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:355:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu %08lx%08lx\015\012",i,stream->uid_validity, data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:371:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"+OK %lu octets\015\012", data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:427:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"+OK %lu\015\012",last); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:506:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (k) sprintf (s,",%lu:%lu",i,k); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:507:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (s,",%lu",i); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:521:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (k) sprintf (s,",%lu:%lu",i,k); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:522:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (s,",%lu",i); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:654:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:681:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"{%.128s/user=%.128s}INBOX",host,user); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:704:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *t,resp[RESPBUFLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:705:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:731:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (logout = tmp,"%.80s, while reading authentication",e); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:747:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (logout = tmp,"%.80s, while reading auth char",e); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:770:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:781:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"1:%lu",j); /* fetch fast information for all messages */ data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:795:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"+OK Mailbox open, %lu messages\015\012",nmsgs); data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:982:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:985:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (logout = tmp,"Mailbox closed (%.80s)",string); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*dp,*t,*t1,tmp[MAILTMPLEN],mbx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:333:27: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu,%lu",last,m); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:335:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
else sprintf (t,",%lu",m); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:346:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%lu",start = last = m); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:351:26: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (last != start) sprintf (t,":%lu",last); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:372:20: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). else if (!(f = tmpfile ())) puts ("can't open temporary file"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:479:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:599:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *criterion,*r,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:692:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Unknown search criterion: %.30s",criterion); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:736:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:813:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"1:%lu",ap.msgmax); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:819:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"1:%lu",ap.msgno); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:850:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,*t1,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:862:56: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if ((elt = mail_elt (ap->stream,ap->msgno))->seen) strcat (t," \\Seen"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:863:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
if (elt->deleted) strcat (t," \\Deleted"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:864:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (t," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:865:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->answered) strcat (t," \\Answered"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:866:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->draft) strcat (t," \\Draft"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1040:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1045:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
if (*mb->user) strcat (s = tmp,"} password:"); data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1061:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1065:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (*mb->user) strcat (s = tmp,"} access token: "); data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*dir,*file,*lock,*hitch,tmp[1024]; data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:98:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (fstat (atoi (argv[1]),&fsb)) return die ("fstat failure",errno); data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:129:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((ld = open (hitch,O_WRONLY|O_CREAT|O_EXCL,LOCKPROTECTION)) >= 0) { data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:149:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ld = open (lock,O_WRONLY|O_CREAT|O_EXCL,LOCKPROTECTION)) >= 0) { data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char personalname[MAILTMPLEN]; /* user's personal name */ data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN],tmpx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:164:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (arg) last = atoi (arg); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:181:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (arg) last = atoi (arg); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:188:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (arg,"%lu",last); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:219:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!(last = atoi (arg))) { data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:234:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (arg) last = atoi (arg); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:284:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (arg) last = atoi (arg); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:319:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (arg) last = atoi (arg); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:326:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (arg,"%lu",last); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:387:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp+5,"%4lu) ",elt->msgno); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:398:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp+18,t,(size_t) min (20,(long) strlen (t))); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:407:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp,"} "); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:409:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp + strlen (tmp),"%.25s (%lu chars)", data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:433:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp+5,"%4lu) ",cache->msgno); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:445:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp,"} "); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:448:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (t += strlen (t)," (%lu chars)",cache->rfc822_size); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:460:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:483:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s += strlen (s)," (%lu lines)",body->size.lines); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:486:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s += strlen (s)," (%lu bytes)",body->size.bytes); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:509:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,date[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:710:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:717:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (*mb->user) strcat (s = tmp,"} password:"); data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:769:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:811:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (text,"\015\012"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN],tmpx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:249:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"CLIENT BUG DETECTED: subscribe of non-mailbox directory %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:255:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],path[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:286:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dt = mail_parameters ((*drivers->open) (NIL),GET_DIRFMTTEST,NIL); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:376:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (name,O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:384:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf,buf+BUFSIZE,ssiz); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:421:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dt = mail_parameters ((*d->open) (NIL),GET_DIRFMTTEST,NIL); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:457:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:476:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:499:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:503:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:521:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete - invalid name: %.80s",s); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:528:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:545:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:550:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:569:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:585:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:592:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"Can't open this name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:593:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:596:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:602:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"Can't open %.80s: not a selectable mailbox", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:605:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (err,"Can't open %.80s (file %.80s): not in valid mailbox format", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:654:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fs_get (sizeof (MAILSTREAM)),stream, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:657:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream,test,sizeof (MAILSTREAM)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:721:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:729:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (dummy_file (tmp,mailbox) && ((fd = open (tmp,O_RDONLY,NIL)) < 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:732:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:742:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *userFlags[NUSERFLAGS] = {NIL}; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:608:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:638:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc")); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:645:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (*createProto->dtb->open) (NIL); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:694:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:722:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:738:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:755:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:885:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((j = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) lock_protection)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:893:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:904:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:911:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) lock_protection)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:913:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s lock overridden",file); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:934:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[4],arg[20]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:936:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (arg,"%d",fd); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1056:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1067:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (lock,O_RDWR,lock_protection)) >= 0) || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1070:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (lock,O_RDWR|O_CREAT|O_EXCL,lock_protection); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1099:53: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0)) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.h:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lock[MAILTMPLEN]; /* buffer to write lock name */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*t,hdr[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:216:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:273:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",++(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:290:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:385:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,mbx[MAILTMPLEN],tmp[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:389:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:396:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:403:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:446:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:459:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:472:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:561:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:568:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:572:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:573:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:806:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:856:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:896:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",nexp); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:900:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:917:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hdr,*txt,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:941:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:958:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"1:%lu",r); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:992:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1009:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1014:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1019:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1038:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1065:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx",dstream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1133:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1137:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1141:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1166:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1261:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1313:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1322:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse internal header at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1332:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message flags at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1342:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message UID at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1352:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1361:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1372:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1399:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message date at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1501:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1549:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"*mbx*\015\012%08lx%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1557:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. while (i++ < NUSERFLAGS) strcat (s,"\015\012"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1558:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + HDRSIZE - 10,"%08lx\015\012",LOCAL->lastpid); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1585:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1701:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1833:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1852:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->lock,lock,MAILTMPLEN); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:61:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CHUNKSIZE]; /* temporary buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,altname[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:199:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%.900s not found, mh format names disabled",mh_profile); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:207:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (altname,"#mh%.900s",tmp+i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:246:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mh_profile = cpystr (tmp),O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:400:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp,*np,curdir[MAILTMPLEN],name[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:423:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (name,"#mh/"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:477:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:479:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: invalid MH-format name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:482:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:504:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:507:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:539:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:543:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:545:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: invalid MH-format name", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:549:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:667:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:844:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:855:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox %.80s: no such mailbox",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:869:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if ((j = atoi (names[i]->d_name)) > old) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:902:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:927:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);/* delete it from the sysinbox */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:936:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message copy to MH mailbox failed: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1009:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1037:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[MAILTMPLEN],date[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1046:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open (LOCAL->buf,O_RDONLY,NIL)) < 0) return NIL; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1064:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (flags," \\Seen"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1065:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->deleted) strcat (flags," \\Deleted"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1066:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (flags," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1067:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->answered) strcat (flags," \\Answered"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1068:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
if (elt->draft) strcat (flags," \\Draft"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1095:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*flags,*date,*s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1118:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MH-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1122:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MH-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1130:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). last = atoi (names[nfiles-1]->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1147:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1154:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp + strlen (tmp),"/%ld",++last); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1155:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1211:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ((*(struct direct **) d1)->d_name) - data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1212:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi ((*(struct direct **) d2)->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1229:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dst,"%.900s/%.80s",path,MHINBOXDIR); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1231:26: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if (*name == '#') sprintf (dst,"%.100s/%.900s",path,name + 4); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,tmp[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:403:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"Can't create mailbox %.80s: invalid MIX-format name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:407:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:412:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: %.80s",mailbox,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:413:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!(f = fopen (file,"w"))) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:414:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't re-open metadata %.80s: %.80s",mailbox, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:432:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mix mailbox index: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:437:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mix mailbox status: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:441:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"%08lx",now);/* message file */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:443:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't create mix mailbox data: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:466:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:468:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:469:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB)) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:470:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't lock mailbox for delete: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:488:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete name %.80s: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:509:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:513:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:514:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB)) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:515:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't lock mailbox for rename: %.80s",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:517:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: invalid MIX-format name", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:521:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:574:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:616:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:619:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:710:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:718:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:744:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Inconsistency in mix message size, uid=%lx (%lu != %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:781:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:929:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *message,date[MAILTMPLEN],flags[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:956:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (flags," \\Seen"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:957:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (flags," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:958:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  if (elt->answered) strcat (flags," \\Answered");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:959:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->draft) strcat (flags," \\Draft");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:964:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sequence[15];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:965:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sequence,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:973:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't copy new mail at message: %lu",i - 1);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1085:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't locate mix message file %.08lx",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1099:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1135:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (nexp) sprintf (s = LOCAL->buf,"Expunged %lu messages",nexp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1137:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s=LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1193:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Backwards-running mix index %lu < %lu",start,s->last);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1249:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (LOCAL->buf,O_RDWR,NIL)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1251:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Error opening mix message file %.80s: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1269:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Bad message token in mix message file at %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1339:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1340:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected short mix message file %.80s %lu < %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2*MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1371:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1420:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1441:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->seen) strcat (tmp," \\Seen");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1442:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->deleted) strcat (tmp," \\Deleted");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1443:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->flagged) strcat (tmp," \\Flagged");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1444:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->answered) strcat (tmp," \\Answered");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1445:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->draft) strcat (tmp," \\Draft");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1479:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message copy failed: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1491:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error opening copy message file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1530:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1570:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1597:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message append failed: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1608:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error opening append message file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1739:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (LOCAL->index,iflags ? O_RDWR : O_RDONLY,NIL)) < 0)
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1792:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"flag rename old=%.80s new=%.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1825:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,*msg,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1866:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index invalid UID (%08lx < %08lx)",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1872:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1882:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index backwards UID: %lx",uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1896:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index data unexpunged UID: %lx",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1912:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index data mismatch: %lx",uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1927:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index UID mismatch (%lx < %lx)",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1966:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1975:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Missing mix data file: %.500s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2001:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2023:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown record in mix index file: %.500s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2042:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (LOCAL->status,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2055:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2119:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2244:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2327:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2376:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error updating mix status file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2417:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*fd = open (mix_file_data (LOCAL->buf,stream->mailbox,LOCAL->newmsg),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2426:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2427:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"short mix message file %.08lx (%ld > %ld), rolling",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2433:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  while ((*fd = open (mix_file_data
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2444:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2445:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"data file %.08lx creation failure: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*msg,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2484:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (LOCAL->sortcache,O_RDWR|O_CREAT,sbuf.st_mode)) < 0) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2485:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  !(rdonly = ((fd = open (LOCAL->sortcache,O_RDONLY,NIL)) >= 0)))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2752:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2786:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2835:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dst,"%.500s/%.80s%.80s",dir,MIXNAME,name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2849:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2850:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  if (data) sprintf (tmp,"%08lx",data);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:367:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:374:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:465:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:470:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:478:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (mbx,O_WRONLY,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:532:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:547:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:598:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:610:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:637:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:655:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%d",getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:835:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:999:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1025:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1051:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1056:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1061:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Not a MMDF-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1071:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1197:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1201:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1205:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MMDF-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1212:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1219:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!(sf = tmpfile ())) { /* must have scratch file */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1220:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1221:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1222:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1231:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1243:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1253:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1267:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *x,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1501:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1505:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,flags,mode)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1509:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1571:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1601:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1628:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1825:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1830:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1836:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu greater than last %lu", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1912:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1931:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1932:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"Discarding bogus continuation in msg %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2062:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->linebuf,bs->curpos,i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2088:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,LOCAL->linebuf,i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2091:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (ret + i,bs->curpos,k = min (j,bs->cursize)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,stack[64]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2398:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((LOCAL->fd = open (stream->mailbox,O_RDWR, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2459:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,k = min (j,size)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2515:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2543:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:183:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:297:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:310:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:396:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:404:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:408:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:409:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:410:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:601:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:686:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:703:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"1:%lu",r); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:740:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:821:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:828:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:867:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:878:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:883:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:888:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:895:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mtx_file (file,mailbox),O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:969:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:991:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:995:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:999:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1007:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (mtx_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1033:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1086:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1113:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1179:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1301:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1333:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:349:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:353:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: invalid MX-format name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:357:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:386:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:388:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:427:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:429:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: invalid MX-format name", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:433:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:512:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:629:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) < 0) return ""; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:721:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:739:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((j = atoi (names[i]->d_name)) > old) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:770:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:795:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);/* delete it from the sysinbox */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:803:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message copy to MX mailbox failed: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:875:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:905:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:913:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:939:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (ret = ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:953:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (tmp," \\Seen"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:954:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->deleted) strcat (tmp," \\Deleted"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:955:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (tmp," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:956:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->answered) strcat (tmp," \\Answered"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:957:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->draft) strcat (tmp," \\Draft"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:994:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1012:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1016:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1039:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1067:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1073:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1130:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ((*(struct direct **) d1)->d_name) - data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1131:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi ((*(struct direct **) d2)->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*idx,tmp[2*MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1168:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1219:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error in index: %.80s",s); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MXIXBUFLEN + 64]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1247:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = tmp,"V%08lxL%08lx",stream->uid_validity,stream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1259:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"M%08lx;%08lx.%04x",elt->private.uid,elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:54:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CHUNKSIZE]; /* scratch buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:157:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),O_RDONLY,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*u,*r,pattern[MAILTMPLEN],name[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:225:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:231:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (name,"#news."); /* write initial prefix */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:378:2: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi (names[i]->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:422:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ((*(struct direct **) d1)->d_name) -
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:423:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi ((*(struct direct **) d2)->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:500:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/os_ami.c:74:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2])
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/os_ami.h:41:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* temporary buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:232:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:257:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:268:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:310:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"User-Number-%ld",(long) sbuf.st_uid);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:525:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:546:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:549:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't append - not in valid mailbox format: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:550:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"Can't append - invalid name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:127:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:140:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"DNS resolution %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:146:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"No such host as %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:158:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sin.sin_addr,s,he->h_length);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:164:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sin.sin_addr,he->h_addr,he->h_length);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:215:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:311:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:338:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:344:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:371:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:716:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret,host[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:725:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (host,"DNS canonicalization %.80s",name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:746:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:747:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:190:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:304:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:317:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:403:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:411:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:415:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:416:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:690:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:749:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:775:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:792:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"1:%lu",r);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:829:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:911:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:918:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:957:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:968:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:973:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:978:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:985:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tenex_file(file,mailbox),O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1059:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1081:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1085:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1089:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1097:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (tenex_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1123:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1225:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1291:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1413:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tz_bsd.c:37:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:222:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],*s,*t,c = '\n';
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:330:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:338:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (mbx,O_WRONLY,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:393:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:408:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:459:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:471:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:498:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:516:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%d",getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:696:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:860:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:916:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:921:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:926:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:936:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1031:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1060:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1064:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1068:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1075:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1082:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(sf = tmpfile ())) { /* must have scratch file */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1083:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1084:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1085:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1094:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1106:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1116:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1131:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *x,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1372:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1376:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,flags,mode)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1380:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1442:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1472:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1499:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1661:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1666:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu less than %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1672:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1748:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1767:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1768:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1905:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->linebuf,bs->curpos,i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1931:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,LOCAL->linebuf,i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1934:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1965:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1992:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,stack[64]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2252:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((LOCAL->fd = open (stream->mailbox,O_RDWR, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2313:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,k = min (j,size)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2369:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2397:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2477:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't create non-INBOX name as mbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2504:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2703:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2705:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't append to that name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:83:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weekday[4]={0,}, month[4]={0,}, time[11]={0,}; \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:84:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzone[4]={0,}; \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:85:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realtime[80]; \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:94:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(realtime," remote from "); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:114:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weekday[4]={0,}, month[4]={0,},time[11]={0,}; \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:116:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realtime[80]; \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:124:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(realtime," remote from "); \ data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:173:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:344:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:400:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:498:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:522:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT, data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:575:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:597:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a Bezerk-format mailbox: %.80ss",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:606:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(sf = tmpfile ())) { /* must have scratch file */ data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:607:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:614:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:626:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:636:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:646:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT, data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:688:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:755:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,tmp[MAILTMPLEN + 1],*db,datemsg[100]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:764:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:770:26: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. db = datemsg + strlen (strcpy (datemsg,"Unparsable date: ")); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[LISTTMPLEN],file[LISTTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:232:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:255:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[LISTTMPLEN],tmpx[LISTTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:324:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:329:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,O_RDONLY,NIL)) < 0)) return T; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:337:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf,buf+BUFSIZE,ssiz); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:373:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:396:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0) data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:468:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:474:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open this name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:476:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,O_RDONLY,NIL)) < 0)) data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:533:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fs_get (sizeof (MAILSTREAM)),stream, data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:536:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream,test,sizeof (MAILSTREAM)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:600:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:603:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
((fd = open (tmp,O_RDONLY,NIL)) < 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:646:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,dev[4]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:88:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:142:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (date + strlen (date)," (%.50s)", data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret,tmp[MAILTMPLEN+1]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:170:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:294:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (tmp,O_BINARY|(stream->rdonly ? O_RDONLY:O_RDWR),NIL)) < 0)&& data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:296:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,O_BINARY|O_RDWR|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))<0))){ data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:493:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Expunged %ld messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:543:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT, data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:597:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:625:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:633:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT, data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:654:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:714:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *s,*t,*x,lbuf[65]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:715:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:722:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:787:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:808:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:816:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%010lo%02o",k, /* print new flag string */ data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:839:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/nl_dos.c:47:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (srcl) memcpy (*dst,src,(size_t) srcl); data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnf.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnf.c:88:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnf.c:93:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (&sin->sin_addr,hn->h_addr,hn->h_length); data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnv.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sin->sin_addr,hn->h_addr,hn->h_length); data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dwa.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,hname[32],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:84:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:100:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create TCP socket (%d)",errno);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:108:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:184:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:211:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:217:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:245:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (bufptr,stream->iptr,n);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.h:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:71:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:88:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't connect to %.80s,%ld",host,port);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:140:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:167:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:173:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:201:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (bufptr,stream->iptr,(size_t) n);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.h:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:105:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:106:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:113:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to start Windows Sockets (%d)",i);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:133:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:148:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"DNS resolution %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:165:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&sin.sin_addr,s,he->h_length);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:208:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError());
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:277:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:304:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:310:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:337:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:720:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,host[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:727:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (host,"DNS canonicalization %.80s",name);
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:746:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:747:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr));
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:781:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.h:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/mac/dummymac.c:104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/mac/dummymac.c:202:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/mac/dummymac.c:291:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:100:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (date += strlen (date),"%+03ld%02ld",tz/60,tzm >= 0 ? tzm : -tzm);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/os_mac.c:74:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define open(a,b,c) open (a,b)
data/alpine-2.24+dfsg1/imap/src/osdep/mac/os_mac.c:74:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define open(a,b,c) open (a,b)
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:95:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:115:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (hst.cname,"[%ld.%ld.%ld.%ld]",i,j,k,l);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:118:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:167:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"Unknown resolver error (%ld): %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:180:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  openpb = &stream->pb.csParam.open;
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:209:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't connect to %.80s,%ld",hst.cname,port);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:230:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[%ld.%ld.%ld.%ld]",i,j,k,l);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:287:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:314:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:320:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:348:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (bufptr,stream->iptr,n);
data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.h:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:112:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:150:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:204:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:231:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:236:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:326:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*buf,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:342:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (csiz > sbuf.st_size) || ((fd = open (tmp,O_RDONLY,NIL)) < 0))
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:351:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf,buf+BUFSIZE,ssiz);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:371:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:374:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:390:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:413:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:416:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:432:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:434:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:441:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:459:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:465:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:488:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:504:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:511:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:512:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:515:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:521:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"%.80s (file %.80s) is not in valid mailbox format",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:569:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:572:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (stream,test,sizeof (MAILSTREAM));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:636:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:639:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:643:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:653:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:682:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,dev[4];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:102:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:205:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (date + strlen (date)," (%.50s)",tz);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:486:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:494:5: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar (CP_ACP,0,user,strlen (user) + 1,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:505:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp+(t-s),"\\%.100s\\My Documents",user);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:532:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *user,*path,*d,*p,pth[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:569:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:598:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:617:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:643:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedev[3];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:725:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((ld = open (lock,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) >= 0) && op)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip4_nt.c:123:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&SADR4ADR (sadr),adr,adrlen);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip4_nt.c:163:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **adl,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:60:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:60:50: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:66:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:66:48: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:76:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST])
data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:76:50: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:134:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (adr,(void *) &SADR4ADR (ai->ai_addr),*len); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:138:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (adr,(void *) &SADR6ADR (ai->ai_addr),*len); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&SADR4ADR (sadr),adr,adrlen); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&SADR6ADR (sadr),adr,adrlen); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:200:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:200:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:262:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp,input_name_buffer->value,input_name_buffer->length); data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:377:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:408:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s = tmp,"SSPI code %lx",status_value); data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:512:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. buf[1].pvBuffer = ((char *) buf[0].pvBuffer) + buf[0].cbBuffer; data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:514:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf[1].pvBuffer,input_message_buffer->value,buf[1].cbBuffer); data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:516:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer; data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:523:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memmove (((char *) buf[0].pvBuffer) + buf[0].cbBuffer, data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:526:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
buf[1].pvBuffer = memmove (((char *)buf[1].pvBuffer) + buf[1].cbBuffer, data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:580:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (output_message_buffer->value = fs_get (buf[1].cbBuffer), data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; /* buffer to write lock name */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*t,hdr[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:211:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (file,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:266:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",++(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:283:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN],tmp[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:380:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:387:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:394:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:448:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:461:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:520:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:524:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:525:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:751:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:793:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:833:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",nexp); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:837:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:861:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:878:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:883:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:888:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:893:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (dummy_file (file,mailbox),O_RDWR|O_CREAT|O_BINARY, data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:914:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:941:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"%08lx",dstream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:985:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1012:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1016:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1020:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1045:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1128:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1170:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1179:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse internal header at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1189:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message flags at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1199:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message UID at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1209:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1218:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1229:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1256:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message date at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1358:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1404:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"*mbx*\015\012%08lx%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1412:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. while (i++ < NUSERFLAGS) strcat (s,"\015\012"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1439:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1459:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1692:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->lock,lock,MAILTMPLEN); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:184:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:268:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:308:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:321:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:355:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:378:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:382:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:383:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:384:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:573:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:627:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:695:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf, data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:702:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:750:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:755:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:760:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:767:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:768:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:843:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:865:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:869:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:873:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:881:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE)) data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:907:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:964:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:973:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1038:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1160:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/nl_nt.c:47:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (srcl) memcpy (*dst,src,(size_t) srcl); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:36:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fph = fopen("linkage.h", "w"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:37:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fpc = fopen("linkage.c", "w"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:45:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fph = fopen("linkage.h", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:46:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpc = fopen("linkage.c", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:47:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpa = fopen("auths.c", "w"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:60:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fph = fopen("linkage.h", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:65:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fpc = fopen("linkage.c", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:67:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fph = fopen("linkage.h", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/proc.c:71:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpc = fopen("linkage.c", "a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[SSLBUFLEN]; /* input buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:155:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(tmp, "SSLXXXXXX"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:156:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(tmp,"a"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:161:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:329:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *reason,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:348:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:361:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:389:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s, *t, *err, tmp[MAILTMPLEN], buf[256]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:463:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "*%.128s: %.255s", err, cert ? buf : "???"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:477:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *err,cert[256],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:486:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"*%.128s: %.255s",err,cert); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:512:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:626:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:653:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:659:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:686:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer,stream->iptr,n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:747:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:748:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i) sprintf (s = tmp,"SSL data read I/O error %d SSL error %d", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:801:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"SSL data write I/O error %d SSL error %d", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:900:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret + got, stream->iptr, n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:928:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:949:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert[MAILTMPLEN],key[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],certname[256]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:223:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:240:16: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). 
if (!((size = MultiByteToWideChar (CP_ACP,0,host,-1,NIL,0)) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:242:8: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (CP_ACP,0,host,-1,whost,size))) data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:249:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (certname,"<no certificate>"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:292:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf,"*%.128s: %.255s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:310:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:329:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:342:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:387:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf,"Unexpected SSPI or certificate error %lx - report this",err); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:416:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:443:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:449:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:476:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer,stream->iptr,n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:502:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream->ibuf + n,stream->iextraptr,stream->iextractr); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:512:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream->ibuf + n,stream->tcpstream->iptr,i); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:586:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (buf[1].pvBuffer = stream->obuf + stream->sizes.cbHeader,string, data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:590:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memset (buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer,0, data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],certname[256]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:364:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:381:16: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (!((size = MultiByteToWideChar (CP_ACP,0,host,-1,NIL,0)) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:383:8: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (CP_ACP,0,host,-1,whost,size))) data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:390:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (certname,"<no certificate>"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:433:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf,"*%.128s: %.255s", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:451:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:470:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:483:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:528:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf,"Unexpected SSPI or certificate error %lx - report this",err); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:557:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:584:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:590:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:612:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret + got, stream->iptr, n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:637:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer,stream->iptr,n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:663:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream->ibuf + n,stream->iextraptr,stream->iextractr); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:673:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream->ibuf + n,stream->tcpstream->iptr,i); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:748:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf[1].pvBuffer = stream->obuf + stream->sizes.cbHeader,string, data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:752:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
memset (buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer,0, data/alpine-2.24+dfsg1/imap/src/osdep/nt/sslstdio.c:155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sslstdio->optr,t,j = min (i,sslstdio->octr)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:130:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to start Windows Sockets (%d)",i); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:153:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"Bad format domain-literal: %.80s",host); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:158:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"DNS resolution %.80s",host); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,errmsg[100]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NI_MAXHOST]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:226:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError ()); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:261:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = errmsg,"Can't set blocking mode (%d)", data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:278:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = errmsg,"Unknown error (%d)",err); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:284:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't connect to %.80s,%ld: %.80s",hst,port,s); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:330:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:357:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:363:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:390:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:443:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:444:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i) sprintf (s = tmp,"TCP buffer read I/O error %d",errno); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:513:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
if (i) sprintf (s = tmp,"TCP data read I/O error %d",errno); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:597:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:598:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"TCP write I/O error %d",errno); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NI_MAXHOST]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:753:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NI_MAXHOST]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NI_MAXHOST]; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:815:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:856:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,host[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:862:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (host,"DNS canonicalization %.80s",name);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:881:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN],buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:882:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ret = adr,"[%.80s]",ip_sockaddrtostring (sadr,buf));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:941:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + got, stream->iptr, n);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.h:50:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:169:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:184:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:192:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:274:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:276:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:303:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:316:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:329:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:363:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:380:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:386:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:390:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:391:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:392:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:643:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:697:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:766:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:773:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:810:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:821:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:826:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:831:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:838:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:839:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:914:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:936:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:940:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:944:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:952:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE))
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:978:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1055:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1064:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1129:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1252:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:200:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN],*s,*t;
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:208:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:296:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:301:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:307:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:316:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,"\r\nDate: ");
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:361:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN],lockx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:373:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't get lock for mailbox %.80s",old);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:378:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:432:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:441:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:631:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,tmp[CHUNKSIZE];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:700:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:742:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:769:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:787:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:812:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:837:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:842:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:847:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:857:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:960:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN],
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:989:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:993:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:997:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1004:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1011:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!(sf = tmpfile ())) { /* must have scratch file */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1012:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1013:37: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1014:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1023:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1035:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1045:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1060:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1162:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *x,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1305:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1312:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))>=0)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1320:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT,S_IREAD|S_IWRITE))>=0))
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1324:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1332:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1396:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1425:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1452:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1613:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1618:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu less than %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1624:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1700:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1717:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1718:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1842:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (LOCAL->linebuf,bs->curpos,i);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1868:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,LOCAL->linebuf,i);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1871:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1902:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1913:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1933:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,stack[64];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2208:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,k = min (j,size));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2264:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2292:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN]; /* callers must be careful not to pop this */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:137:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:311:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (ret = fopen (s,"w+b")) add_tmpfile(&win_tmp, ret, s);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.c:344:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pwd[PWDLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/nt/yunchan.h:69:9: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  #define tmpfile create_tempfile
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:157:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:238:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:243:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:263:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:332:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*buf,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:337:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (csiz > sbuf.st_size) || ((fd = open (tmp,O_RDONLY,NIL)) < 0))
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:346:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf,buf+BUFSIZE,ssiz);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:366:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:369:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:385:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:408:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0)
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:411:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:427:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:429:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:436:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:454:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:459:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:479:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:495:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:502:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. sprintf (err,"Can't open this name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:503:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:506:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:512:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"%.80s (file %.80s) is not in valid mailbox format", data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:560:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fs_get (sizeof (MAILSTREAM)),stream, data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:563:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stream,test,sizeof (MAILSTREAM)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:627:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:630:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,O_RDONLY,NIL)) < 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:634:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:644:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,dev[4]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:68:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:122:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (date + strlen (date)," (%.50s)",tz); data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:229:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((ld = open (lock,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) >= 0) && op) data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; /* buffer to write lock name */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*t,hdr[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:210:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (file,(flags ? 
O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:265:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",++(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:282:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:375:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN],tmp[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:379:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:386:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:393:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:447:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:460:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:514:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:519:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:523:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:524:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:750:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:792:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:832:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",nexp); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:836:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:877:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:882:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:887:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:892:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (dummy_file (file,mailbox),O_RDWR|O_CREAT|O_BINARY, data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:913:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:940:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx",dstream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:984:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1011:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1015:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1019:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1044:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1127:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1169:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1178:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse internal header at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1188:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message flags at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1198:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message UID at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1208:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1217:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1228:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1255:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message date at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1357:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1403:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"*mbx*\015\012%08lx%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1411:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
while (i++ < NUSERFLAGS) strcat (s,"\015\012"); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1438:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1458:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1691:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->lock,lock,MAILTMPLEN); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:183:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:267:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:294:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:307:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:320:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:354:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:371:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:377:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:381:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
(fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:382:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:383:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:572:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:626:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:694:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf, data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:701:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:738:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:749:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:754:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:759:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:766:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:767:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:842:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:864:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:868:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:872:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:880:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE)) data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:906:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:963:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:972:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1037:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1159:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1194:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/nl_os2.c:47:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
if (srcl) memcpy (*dst,src,(size_t) srcl); data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:64:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (s = tmp,"[%i.%i.%i.%i]",he->h_addr[0],he->h_addr[1], data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/os_os2.c:89:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sin->sin_addr,hn->h_addr,hn->h_length); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:84:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Bad format domain-literal: %.80s",host); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:100:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create TCP socket (%d)",errno); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:108:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + n,stc->text.data,stc->text.size); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:211:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:245:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bufptr,stream->iptr,n); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.h:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ibuf[BUFLEN]; /* input buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:191:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:275:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:315:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:328:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:362:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:379:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:385:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:389:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:390:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:391:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:642:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:696:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:765:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf, data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:772:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:809:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:820:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:825:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:830:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:837:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:838:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:913:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:935:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:939:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:943:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:951:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE)) data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:977:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1054:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1063:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1128:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1251:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN],file[MAILTMPLEN],*s,*t; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:207:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:300:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:306:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:315:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp,"\r\nDate: "); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN],lockx[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:372:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't get lock for mailbox %.80s",old); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:377:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:431:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:440:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:630:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c,*s,tmp[CHUNKSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:699:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:741:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:786:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:811:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:836:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:841:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:846:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:856:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:959:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN], data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:988:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:992:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:996:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1003:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1010:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(sf = tmpfile ())) { /* must have scratch file */ data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1011:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ()); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1012:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) { data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1013:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1022:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1034:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1044:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1059:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *x,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1311:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))>=0) data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1319:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT,S_IREAD|S_IWRITE))>=0)) data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1323:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1331:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,flags,mode)) >= 0) flock (fd,op); data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1395:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1424:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1451:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1612:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu already has UID %lu", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1617:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu less than %lu", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1623:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu greater than last %lu", data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1699:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1716:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1717:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1841:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (LOCAL->linebuf,bs->curpos,i);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1867:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,LOCAL->linebuf,i);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1870:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1901:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1912:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1932:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,stack[64];
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2207:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,k = min (j,size));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2263:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2291:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/dummyt20.c:201:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/dummyt20.c:290:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.c:139:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.c:174:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/env_t20.c:179:31: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (!jsys (GTHST,argblk)) strcpy (tmp,"LOCAL");
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/nl_t20.c:47:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (srcl) memcpy (*dst,src,(size_t) srcl);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/os_t20.c:88:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pwd[PWDLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:72:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[%lu.%lu.%lu.%lu]",i,j,k,l);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:75:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:103:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (file,"TCP:.%o-%d;PERSIST:30;CONNECTION:ACTIVE",argblk[3],port);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:122:29: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (!jsys (GTHST,argblk)) strcpy (tmp,"LOCAL");
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:167:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:198:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),stream->ibuf,*size = n - 2);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:203:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),stream->ibuf,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:335:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.h:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_bsi.c:41:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_dce.c:52:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fd = fopen (PASSWD_OVERRIDE,"r")) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_gss.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svrnam[MAILTMPLEN],cltnam[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_gss.c:50:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (svrnam,"%.80s@%.512s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_gss.c:54:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (cltnam,"%.80s/%.80s",pw->pw_name,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_psx.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_psx.c:84:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_psx.c:91:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[ALERT] Account expires in %ld day(s)",(long) left);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sv4.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_sv4.c:80:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_svo.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_svo.c:79:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hitch[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:52:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open (hitch,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:66:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) >= 0){
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_std.c:40:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) < 0)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:110:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:155:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:217:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN],tmpx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:244:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:250:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"CLIENT BUG DETECTED: subscribe of non-mailbox directory %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:256:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:277:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],path[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:287:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dt = mail_parameters ((*drivers->open) (NIL),GET_DIRFMTTEST,NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:377:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (name,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:385:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf,buf+BUFSIZE,ssiz);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:414:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:422:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dt = mail_parameters ((*d->open) (NIL),GET_DIRFMTTEST,NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:454:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:458:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:477:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:500:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:504:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:520:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:522:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:529:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:546:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:551:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:570:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:586:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:593:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:594:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:597:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:603:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Can't open %.80s: not a selectable mailbox",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:606:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Can't open %.80s (file %.80s): not in valid mailbox format",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:655:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:658:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (stream,test,sizeof (MAILSTREAM));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:722:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:730:47: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (dummy_file (tmp,mailbox) && ((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:733:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:743:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:101:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *userFlags[NUSERFLAGS] = {NIL};
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:835:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:897:11: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:898:11: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:911:36: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:915:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (*createProto->dtb->open) (NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:965:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:997:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1013:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1030:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1173:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1189:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1206:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1213:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) dotlock_mode)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1215:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s lock overridden",file);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1235:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[4],arg[20];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1244:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (arg,"%d",fd);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1367:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1378:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((fd = open (lock,O_RDWR,shlock_mode)) >= 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1381:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (lock,O_RDWR|O_CREAT|O_EXCL,shlock_mode);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1397:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't lock for write: %.80s must have 1777 protection",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1415:53: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1588:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*k,*r,tmp[MAILTMPLEN],tmpx[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1593:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen (file ? file : SYSCONFIG,"r")) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1621:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  createProto = d ? ((*d->open) (NIL)) : &CREATEPROTO;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1629:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  createProto = (*d->open) (NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1643:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ((*d->open) (NIL)) : &EMPTYPROTO;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1649:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (d) appendProto = (*d->open) (NIL);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1674:51: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_MHALLOWINBOX,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1713:50: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_OPENTIMEOUT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1715:50: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_READTIMEOUT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1717:51: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_WRITETIMEOUT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1719:49: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_RSHTIMEOUT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1721:49: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_SSHTIMEOUT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1723:53: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_MAXLOGINTRIALS,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1725:48: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_LOOKAHEAD,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1727:47: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_PREFETCH,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1729:51: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
mail_parameters (NIL,SET_CLOSEONERROR,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1731:47: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_IMAPPORT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1733:47: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_POP3PORT,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1735:51: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_UIDLOOKAHEAD,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1737:50: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_TRYSSLFIRST,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1740:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mbx_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1742:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dir_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1744:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dotlock_mode = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1746:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ftp_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1748:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). public_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1750:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shared_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1752:25: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ftp_dir_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1754:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). public_dir_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1756:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shared_dir_protection = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1758:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). locktimeout = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1760:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fcntlhangbug = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1762:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). disableLockWarning = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1764:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). has_no_life = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1766:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hideDotFiles = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1768:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). list_max_level = atol (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1770:47: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_TRUSTDNS,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1772:54: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_SASLUSESPTRNAME,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1774:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netfsstatbug = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1776:48: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_NNTPRANGE,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1796:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
disablePlaintext = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1798:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). logtry = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1800:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). closedBox = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1809:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). advertisetheworld = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1811:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). limitedadvertise = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1814:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
noautomaticsharedns = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1816:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). allowuserconfig = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1818:56: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mail_parameters (NIL,SET_ALLOWREVERSEDNS,(void *) atol (k)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1820:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). kerb_cp_svr_name = atoi (k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.h:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flockcyg.c:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocklnx.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:142:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unexpected file locking failure: %.100s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:192:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_RDWR,0)) < 0) abort(); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:199:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd2 = open (file,O_RDWR,0)) < 0) abort (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:209:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_RDWR,0666)) < 0) abort (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:246:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_RDWR,0)) < 0) abort(); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:249:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd2 = open (file,O_RDWR,0)) < 0) abort (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:259:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,O_RDWR,0666)) < 0) abort (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,event[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:380:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Execution process event string too long: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:398:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Failed to pipe %lu bytes (of %lu), last=%u: %.100s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:413:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid log event arguments: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:427:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid notify event arguments: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:454:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid status event arguments: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:486:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid diskerror event arguments: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:492:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unknown event from execution process: %.500s",event); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:500:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Execution process terminated abnormally (%lx)",ret); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:765:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:778:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unknown master response for diskerror: %c",c); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:819:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:832:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"Pipe broken reading %.100s with %lu bytes remaining",error,n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:850:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:865:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (c == EOF) sprintf (tmp,"Pipe broken after flag size %lu",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:866:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Missing delimiter after flag size %lu: %c",n,c); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:873:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (c == EOF) sprintf (tmp,"Pipe broken after date size %lu",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:874:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"Missing delimiter after date size %lu: %c",n,c); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:881:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (c == EOF) sprintf (tmp,"Pipe broken after message size %lu",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:882:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Missing delimiter after message size %lu: %c",n,c); data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:900:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unknown master response for append: %c",c); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip4_unix.c:123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&SADR4ADR (sadr),adr,adrlen); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip4_unix.c:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **adl,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:60:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:66:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:76:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtostring (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:134:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (adr,(void *) &SADR4ADR (ai->ai_addr),*len); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:138:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (adr,(void *) &SADR6ADR (ai->ai_addr),*len); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&SADR4ADR (sadr),adr,adrlen); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&SADR6ADR (sadr),adr,adrlen); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:200:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:200:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip_sockaddrtoname (struct sockaddr *sadr,char buf[NI_MAXHOST]) data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/kerb_mit.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kuser[NETMAXUSER]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; /* buffer to write lock name */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,*t,hdr[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:217:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (tmp,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:274:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",++(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:291:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (hdr,"%08lx",(*stream)->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:386:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,mbx[MAILTMPLEN],tmp[HDRSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:390:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mbx,"Can't create %.80s: invalid name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:397:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:404:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:460:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:473:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:569:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:573:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:574:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:807:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:857:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:897:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",nexp); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:901:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:918:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *hdr,*txt,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:942:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:959:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"1:%lu",r); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:993:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1010:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1015:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1020:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1039:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1066:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx",dstream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1134:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1138:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1142:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1167:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1250:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1262:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1314:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1323:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse internal header at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1333:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message flags at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1343:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message UID at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1353:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1362:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1373:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1400:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to parse message date at %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1502:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1550:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s,"*mbx*\015\012%08lx%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1558:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
while (i++ < NUSERFLAGS) strcat (s,"\015\012"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1559:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + HDRSIZE - 10,"%08lx\015\012",LOCAL->lastpid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1586:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1606:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1702:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1834:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1853:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (LOCAL->lock,lock,MAILTMPLEN); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:61:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CHUNKSIZE]; /* temporary buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,altname[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:200:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%.900s not found, mh format names disabled",mh_profile); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:208:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (altname,"#mh%.900s",tmp+i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:247:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open (mh_profile = cpystr (tmp),O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:342:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:401:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,test[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp,*np,curdir[MAILTMPLEN],name[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:424:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (name,"#mh/"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:480:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: invalid MH-format name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:483:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:508:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:540:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:544:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:546:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MH-format name", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:550:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:668:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:845:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:856:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox %.80s: no such mailbox",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:870:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((j = atoi (names[i]->d_name)) > old) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:903:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:928:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);/* delete it from the sysinbox */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:937:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message copy to MH mailbox failed: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1010:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1038:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char flags[MAILTMPLEN],date[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1047:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (LOCAL->buf,O_RDONLY,NIL)) < 0) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1065:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->seen) strcat (flags," \\Seen");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1066:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->deleted) strcat (flags," \\Deleted");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1067:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->flagged) strcat (flags," \\Flagged");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1068:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->answered) strcat (flags," \\Answered");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1069:18: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->draft) strcat (flags," \\Draft");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1096:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*flags,*date,*s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1119:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid MH-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1123:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MH-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1131:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  last = atoi (names[nfiles-1]->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1148:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1155:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp),"/%ld",++last);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1156:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1212:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi ((*(struct direct **) d1)->d_name) -
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1213:5: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi ((*(struct direct **) d2)->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1230:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dst,"%.900s/%.80s",path,MHINBOXDIR);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1232:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (*name == '#') sprintf (dst,"%.100s/%.900s",path,name + 4);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1249:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:224:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:237:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:396:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:404:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp,"Can't create mailbox %.80s: invalid MIX-format name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:408:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:413:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mailbox %.80s: %.80s",mailbox,strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:414:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (!(f = fopen (file,"w")))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:415:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't re-open metadata %.80s: %.80s",mailbox,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:433:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mix mailbox index: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:438:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mix mailbox status: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:442:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s,"%08lx",now);/* message file */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:444:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create mix mailbox data: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:467:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:469:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:470:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:471:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't lock mailbox for delete: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:489:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't delete name %.80s: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:510:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:514:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:515:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:516:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't lock mailbox for rename: %.80s",old);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:518:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename to mailbox %.80s: invalid MIX-format name",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:522:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:575:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:617:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:620:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:711:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:719:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:745:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Inconsistency in mix message size, uid=%lx (%lu != %lu)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:782:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:930:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *message,date[MAILTMPLEN],flags[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:957:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->seen) strcat (flags," \\Seen");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:958:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->flagged) strcat (flags," \\Flagged");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:959:23: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->answered) strcat (flags," \\Answered");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:960:20: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->draft) strcat (flags," \\Draft");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:965:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sequence[15];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:966:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sequence,"%lu",i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:974:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't copy new mail at message: %lu",i - 1);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1086:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't locate mix message file %.08lx",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1100:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1136:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (nexp) sprintf (s = LOCAL->buf,"Expunged %lu messages",nexp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1138:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s=LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1193:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1194:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Backwards-running mix index %lu < %lu",start,s->last);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1250:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (LOCAL->buf,O_RDWR,NIL)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1252:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Error opening mix message file %.80s: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1270:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Bad message token in mix message file at %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1340:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1341:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected short mix message file %.80s %lu < %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1361:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2*MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1372:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1421:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1442:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->seen) strcat (tmp," \\Seen");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1443:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->deleted) strcat (tmp," \\Deleted");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1444:24: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->flagged) strcat (tmp," \\Flagged");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1445:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->answered) strcat (tmp," \\Answered");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1446:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (elt->draft) strcat (tmp," \\Draft");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1480:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message copy failed: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1492:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error opening copy message file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1518:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1531:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1571:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1598:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message append failed: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1609:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error opening append message file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1740:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (LOCAL->index,iflags ? O_RDWR : O_RDONLY,NIL)) < 0)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1792:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1793:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"flag rename old=%.80s new=%.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1826:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,*msg,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1867:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index invalid UID (%08lx < %08lx)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1873:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1883:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index backwards UID: %lx",uid);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1897:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index data unexpunged UID: %lx",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1913:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index data mismatch: %lx",uid);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1928:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"mix index UID mismatch (%lx < %lx)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1967:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1976:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Missing mix data file: %.500s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2002:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tmp,", repaired");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2024:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unknown record in mix index file: %.500s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2043:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (LOCAL->status,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2056:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2120:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2245:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2328:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2377:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error updating mix status file: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2418:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*fd = open (mix_file_data (LOCAL->buf,stream->mailbox,LOCAL->newmsg),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2427:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2428:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"short mix message file %.08lx (%ld > %ld), rolling",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2434:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  while ((*fd = open (mix_file_data
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2445:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2446:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"data file %.08lx creation failure: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2474:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*msg,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2485:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (((fd = open (LOCAL->sortcache,O_RDWR|O_CREAT,sbuf.st_mode)) < 0) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2486:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  !(rdonly = ((fd = open (LOCAL->sortcache,O_RDONLY,NIL)) >= 0)))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2753:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2787:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2836:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dst,"%.500s/%.80s%.80s",dir,MIXNAME,name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2850:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2851:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (data) sprintf (tmp,"%08lx",data);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:353:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:368:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:375:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:466:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:471:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:479:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (mbx,O_WRONLY,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:533:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:542:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
if(newname) sprintf (tmp, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:546:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp, "Can't delete mailbox %.80s: invalid name", old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:549:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:600:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:612:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:639:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Trying to get mailbox lock from process %ld",i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:657:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%d",getpid ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:837:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1001:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1053:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1058:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MMDF-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1063:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MMDF-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1073:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1199:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1203:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MMDF-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1207:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MMDF-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1214:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1221:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(sf = tmpfile ())) { /* must have scratch file */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1222:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ()); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1223:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1224:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1233:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1245:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1255:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1269:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1362:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *x,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1503:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,flags,mode)) >= 0) flock (fd,op); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1507:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,flags,mode)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1511:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (file,flags,mode)) >= 0) flock (fd,op); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1573:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1603:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1630:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1827:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu already has UID %lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1832:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu less than %lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1838:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message %lu UID %lu greater than last %lu", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1914:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1933:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1934:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"Discarding bogus continuation in msg %lu: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2064:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (LOCAL->linebuf,bs->curpos,i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2090:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret,LOCAL->linebuf,i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2093:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + i,bs->curpos,k = min (j,bs->cursize)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2130:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2157:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,stack[64]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2400:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((LOCAL->fd = open (stream->mailbox,O_RDWR, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2461:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,k = min (j,size)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2517:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->bufpos,buf,size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2545:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,file[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:184:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDONLY,NIL)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:292:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:295:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp, "Can't delete mailbox %.80s: invalid name", old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:299:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open (file,O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:312:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox %.80s is in use by another process",old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:398:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:406:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:410:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:411:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:412:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:603:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:662:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:688:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:705:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"1:%lu",r); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:742:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:823:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:830:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:869:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:880:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:885:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:890:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:897:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mtx_file (file,mailbox),O_RDWR,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:971:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:993:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't access destination: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:997:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1001:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1009:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (mtx_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1035:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1115:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Mailbox shrank from %lu to %lu!", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1181:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1303:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:350:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:354:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: invalid MX-format name",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:358:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:389:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:425:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:428:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:430:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: invalid MX-format name", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:434:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:630:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) < 0) return ""; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:722:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:740:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((j = atoi (names[i]->d_name)) > old) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:771:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:796:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"%lu",i);/* delete it from the sysinbox */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:804:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Message copy to MX mailbox failed: %.80s", data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:876:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Expunged %lu messages",n); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:906:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *t,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:914:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (LOCAL->buf,"Not a MX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:940:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ret = ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:954:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->seen) strcat (tmp," \\Seen"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:955:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->deleted) strcat (tmp," \\Deleted"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:956:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->flagged) strcat (tmp," \\Flagged"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:957:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->answered) strcat (tmp," \\Answered"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:958:20: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (elt->draft) strcat (tmp," \\Draft"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:995:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *flags,*date,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1013:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Invalid MX-format mailbox name: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1017:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Not a MX-format mailbox: %.80s",mailbox); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1040:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Bad date in append: %.80s",date); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1068:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1074:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1131:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ((*(struct direct **) d1)->d_name) - data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1132:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi ((*(struct direct **) d2)->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*idx,tmp[2*MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1169:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1220:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Error in index: %.80s",s); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MXIXBUFLEN + 64]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1248:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s = tmp,"V%08lxL%08lx",stream->uid_validity,stream->uid_last); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1260:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"M%08lx;%08lx.%04x",elt->private.uid,elt->user_flags,(unsigned) data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:54:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CHUNKSIZE]; /* scratch buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:158:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),O_RDONLY, data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,*u,*r,pattern[MAILTMPLEN],name[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:226:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL), data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:232:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (name,"#news."); /* write initial prefix */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:257:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pattern[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:361:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:379:2: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi (names[i]->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:423:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi ((*(struct direct **) d1)->d_name) - data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:424:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi ((*(struct direct **) d2)->d_name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:501:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/opendir.c:38:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (name,O_RDONLY,NIL); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_a32.h:43:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_a41.h:43:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_a52.h:46:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aix.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char *tzname[2]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aix.c:59:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_aos.c:56:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsd.c:56:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsf.c:48:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsf.h:40:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsi.c:48:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_bsi.h:38:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_cvx.c:54:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_d-g.h:49:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_do4.c:55:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_dyn.c:55:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_dyn.h:53:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy memmove data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.c:58:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.c:76:42: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (uname (&udata)) ? 
0xfeedface : atol (udata.__idnumber); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_hpp.h:54:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_lnx.c:47:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_lnx.h:65:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_mnt.c:50:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nto.h:63:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nxt.c:50:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. 
#define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_osx.h:52:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.c:65:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ptx.h:56:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_pyr.h:50:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy memmove data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qn6.h:65:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_s40.c:56:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. 
#define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sc5.h:59:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sco.h:59:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sgi.h:52:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.c:60:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.c:78:42: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (uname (&udata)) ? 0xfeedface : atol (udata.__idnumber); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_shp.h:54:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_slx.c:49:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_slx.h:65:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sol.c:62:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_soln.h:72:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_solo.h:69:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sua.c:50:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. 
#define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sun.c:56:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sun.h:49:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy memmove data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_sv4.h:63:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int portable_utime (char *file,time_t timep[2]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_ult.c:49:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_vu2.c:75:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* temporary buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:233:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:269:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open (tmp,O_RDONLY,NIL)) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:311:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"User-Number-%ld",(long) sbuf.st_uid); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:547:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:550:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't append - not in valid mailbox format: %.80s",s);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:551:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"Can't append - invalid name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[SSLBUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:164:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmp, "SSLXXXXXX");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:165:20: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances.
  Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  while ((fd = mkstemp(tmp)) < 0) sleep (1);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:170:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *reason,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:357:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:370:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:472:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"*%.128s: %.255s",err,cert ? buf : "???");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:486:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *err,cert[256],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:495:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"*%.128s: %.255s",err,cert);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:635:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:652:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + got, stream->iptr, n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:681:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:714:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer,stream->iptr,n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:770:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:771:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (s = tmp,"SSL data read I/O error %d SSL error %d",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:824:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"SSL data write I/O error %d SSL error %d",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:921:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:942:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cert[MAILTMPLEN],key[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/sslstdio.c:155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sslstdio->optr,t,j = min (i,sslstdio->octr));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:187:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:192:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"DNS resolution %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:198:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"No such host as %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:265:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:344:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[MAILTMPLEN],tmp[MAILTMPLEN],*path,*argv[MAXARGV+1],*r;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:376:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:393:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg,"Trying %.100s",tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:494:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:521:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:527:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:554:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:591:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:592:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (s = tmp,"TCP buffer read I/O error %d",errno);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:651:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:652:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (s = tmp,"TCP data read I/O error %d",errno);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:723:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:724:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"TCP write I/O error %d",errno);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:844:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:866:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:870:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,*t,*v,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:875:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (v = tmp,"%.80s=%.80s",t,s);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:908:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:930:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:964:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,host[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:972:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (host,"DNS canonicalization %.80s",name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:991:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN],buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:992:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ret = adr,"[%.80s]",ip_sockaddrtostring (sadr,buf));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:1046:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:1076:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + got, stream->iptr, n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:191:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:299:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:303:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:308:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:321:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:407:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:415:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:419:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (fd = open (tmp,O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:420:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:694:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:779:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:796:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (tmp,"1:%lu",r);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:833:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:915:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:922:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:961:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:972:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:977:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:982:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:989:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (tenex_file(file,mailbox),O_RDWR,NIL)) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1063:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1085:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1089:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1093:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1101:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((fd = open (tenex_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1127:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1229:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1295:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1417:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tz_bsd.c:37:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/tz_sv4.c:37:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s + strlen (s)," (%.50s)",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:223:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],*s,*t,c = '\n';
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:331:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:339:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (mbx,O_WRONLY,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:394:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:404:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp, "Can't rename mailbox %.80s to %.80s: invalid name",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:407:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp, "Can't delete mailbox %.80s: invalid name",old);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:410:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:473:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:500:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:518:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"%d",getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:685:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:849:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:905:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:910:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:915:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:925:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1020:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1049:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1053:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1057:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1064:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1071:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!(sf = tmpfile ())) { /* must have scratch file */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1072:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1073:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1074:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1083:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad date in append: %.80s",date);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1095:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1105:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1120:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *x,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1361:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1365:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fd = open (file,flags,mode)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1369:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1431:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1461:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1488:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1650:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1655:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu less than %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1661:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1737:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1756:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1757:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1894:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (LOCAL->linebuf,bs->curpos,i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1920:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,LOCAL->linebuf,i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1923:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1954:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1981:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t,stack[64];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2241:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((LOCAL->fd = open (stream->mailbox,O_RDWR,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2302:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,k = min (j,size));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2358:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (f->bufpos,buf,size);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2464:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2466:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't create non-INBOX name as mbox: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2692:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2694:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't append to that name: %.80s",mailbox);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/utime.c:37:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int portable_utime (char *file,time_t timep[2])
data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c:104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/dummyvms.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:67:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/os_vms.c:71:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pwd[PWDLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vms.h:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[BUFLEN]; /* input buffer */
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:63:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to assign to net, status=%d",status);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:68:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create local socket, status=%d",status);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:156:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:162:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (bufptr,stream->iptr,n);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:218:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Error reading from TcpIp/NETLIB, status=%d",status);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:344:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Can't get local hostname, status=%d",status);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:103:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:118:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&sin.sin_addr,host_name->h_addr,host_name->h_length);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:121:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"No such host as %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:137:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:202:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:229:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret,s,*size = n); /* copy into a free storage string */
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:235:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (bufptr,stream->iptr,n);
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:441:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:458:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsn.c:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsn.c:48:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (port) sprintf (tmp,"Can't connect to %.80s,%d: no TCP",host,port);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/dummywce.c:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/dummywce.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/dummywce.c:297:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:85:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/nl_wce.c:47:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (srcl) memcpy (*dst,src,(size_t) srcl);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:113:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to start Windows Sockets (%d)",i);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:133:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:148:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"DNS resolution %.80s",host);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:165:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&sin.sin_addr,s,he->h_length);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:208:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError());
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret + n,stc->text.data,stc->text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:304:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */ data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((ret = (char *) fs_get (n)),s,*size = n); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:337:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */ data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:720:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret,host[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:727:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (host,"DNS canonicalization %.80s",name); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:746:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:747:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr)); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.h:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[BUFLEN]; /* input buffer */ data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:77:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chunk[CHUNKLEN]; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:169:67: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (s[2] && ((s[2] == '-') || isdigit (s[2]))) precedence = atol (s + 2); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:171:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). precedence = atol (s); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:194:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). else if (!(f = tmpfile ())) ret = fail ("can't make temp file",EX_TEMPFAIL); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:203:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (pwd) sprintf (tmp,"user %.80s",pwd->pw_name); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:204:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf (tmp,"UID %ld",(long) ruid); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:205:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmp," is not privileged to use -b or -I"); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s,*t,*mailbox,tmp[MAILTMPLEN],path[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:285:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"no such user as %.80s",user); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:295:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"unable to log in UID %ld from UID %ld", data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:301:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"delivering to %.80s+%.80s",user,mailbox ? mailbox : "INBOX"); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:315:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"invalid mailbox name %.80s+%.80s",user,mailbox); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:341:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (s[1] || ((t = strstr (path,"&&&&&")) && strcpy (t,"INBOX"))))) { data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:343:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to resolve driver in %.80s, -I ignored",inbox); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:360:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to resolve %.80s, -I ignored",inbox); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:370:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Unable to create %.80s, -I ignored",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:391:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (s = strstr (path,"&&&&&")) && strcpy (s,"INBOX") && data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:407:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!ibxpath (ds = format ? (format->open) (NIL) : default_proto (NIL), data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:425:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"attempting to create mailbox %.80s path %.80s",mailbox,path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:429:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"created %.80s",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:459:39: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (s = strstr (path,"&&&&&")) && strcpy (s,"INBOX")) ? T : NIL; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:486:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: directory %.80s is listable",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:492:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: multiple links to file %.80s",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:496:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: file %.80s is executable",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:501:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"WARNING: file %.80s is publicly-writable",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:505:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp,"WARNING: file %.80s is publicly-readable",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:517:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"message delivery failed to %.80s",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:521:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"delivered to %.80s",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:538:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"Verifying safe delivery to %.80s by UID %ld",path,(long) uid); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:541:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp,"delivery to %.80s unsafe: ",path); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:545:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp + strlen (tmp),"uid mismatch (%ld != %ld)", data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:552:34: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (sbuf->st_mode & S_ISUID) strcat (tmp,"setuid file"); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:554:39: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else if (sbuf->st_mode & S_ISGID) strcat (tmp,"setgid file"); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:557:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFCHR: strcat (tmp,"character special"); break; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:558:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFBLK: strcat (tmp,"block special"); break; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:559:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFLNK: strcat (tmp,"symbolic link"); break; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:560:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case S_IFSOCK: strcat (tmp,"socket"); break; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:562:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:704:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/imap/tools/uahelper.c:229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,*t,line[LINELENGTH]; data/alpine-2.24+dfsg1/include/system.h:81:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memcpy(void *, const void *, size_t); data/alpine-2.24+dfsg1/include/system.h:85:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/alpine-2.24+dfsg1/include/system.h:85:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/alpine-2.24+dfsg1/include/system.h:86:29: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/alpine-2.24+dfsg1/include/system.h:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sun_path[108]; /* path name (gag) */ data/alpine-2.24+dfsg1/ldap/inckit/lber.h:174:31: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define SAFEMEMCPY( d, s, n ) bcopy( s, d, n ) data/alpine-2.24+dfsg1/ldap/inckit/ldap.h:403:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lfd_filter[ LDAP_FILT_MAXSIZ ]; data/alpine-2.24+dfsg1/ldap/inckit/ldap.h:447:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ld_attrbuffer[LDAP_MAX_ATTR_LEN]; data/alpine-2.24+dfsg1/ldap/inckit/msdos.h:124:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy( a, b, n ) _fmemcpy( a, b, n ) data/alpine-2.24+dfsg1/ldap/kbind.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realm[REALM_SZ], *cred, *krbinstance; data/alpine-2.24+dfsg1/ldap/kbind.c:361:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( cred, ktxt.dat, ktxt.length ); data/alpine-2.24+dfsg1/mapi/instmapi.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[1000], filename[1024], mapifile[1024], data/alpine-2.24+dfsg1/mapi/instmapi.c:250:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer2, data/alpine-2.24+dfsg1/mapi/instmapi.c:257:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer2, data/alpine-2.24+dfsg1/mapi/instmapi.c:272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024*3]; data/alpine-2.24+dfsg1/mapi/instmapi.c:295:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "PC-Pine"); data/alpine-2.24+dfsg1/mapi/instmapi.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[1024*3]; data/alpine-2.24+dfsg1/mapi/pmapi.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_20k_buf[SIZEOF_20KBUF]; data/alpine-2.24+dfsg1/mapi/pmapi.c:184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64], file_ext[64], filename[1024], dir[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:254:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). attfd = fopen(filename, "wb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; /* don't know how much space we'll need */ data/alpine-2.24+dfsg1/mapi/pmapi.c:405:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%d", msgno); data/alpine-2.24+dfsg1/mapi/pmapi.c:961:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *tmptext, dir[1024], filename[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:982:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(prcfd = fopen(filename, "wb")){ data/alpine-2.24+dfsg1/mapi/pmapi.c:1003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFLEN], *local_pinerc, *p; data/alpine-2.24+dfsg1/mapi/pmapi.c:1041:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). prcfd = fopen(local_pinerc, "r"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p1, *p2, *p3, keyData[1024], *newstr, **valstrp; data/alpine-2.24+dfsg1/mapi/pmapi.c:1465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, subkey[1024], val[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:1473:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(subkey, "%.1020s", p); data/alpine-2.24+dfsg1/mapi/pmapi.c:1501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subkey[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:1538:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tf, *tp, *ui[4], tmp[1024], *dir; data/alpine-2.24+dfsg1/mapi/pmapi.c:1557:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tp, "pine.pwd"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1560:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tf, "pine.pwd"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1564:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(tfd = fopen(tf,"r"))){ data/alpine-2.24+dfsg1/mapi/pmapi.c:1637:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(dir, "C:\\"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1647:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mime_type[1024], *tmp_ext; data/alpine-2.24+dfsg1/mapi/pmapi.c:1664:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(file_ext, ".txt"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:1691:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path, "mapi_debug.txt"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1699:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path, "mapisend"); data/alpine-2.24+dfsg1/mapi/pmapi.c:1706:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ms_global->dfd = fopen(path, "wb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2021:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstDir[1024]; data/alpine-2.24+dfsg1/mapi/pmapi.c:2061:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sfd = fopen(srcFile, "rb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2077:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfd = fopen(dstName, "wb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2083:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dstName+i, "%03d", cnt); data/alpine-2.24+dfsg1/mapi/pmapi.c:2096:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfd = fopen(dstName, "wb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2102:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
sfd = fopen(srcFile, "rb"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2238:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(url, "mailto:?"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2391:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_20k_buf, "%.100s <%.100s@%.100s>", env->from->personal ? env->from->personal data/alpine-2.24+dfsg1/mapi/pmapi.c:2411:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_20k_buf, "%.100s <%.100s@%.100s>", env->from->personal ? env->from->personal data/alpine-2.24+dfsg1/mapi/pmapi.c:2457:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_20k_buf, "%.100s <%.100s@%.100s>", tadr->personal ? tadr->personal data/alpine-2.24+dfsg1/mapi/pmapi.c:2503:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((sfd = fopen(lpMessage->lpFiles[i].lpszPathName, "rb")) == NULL) data/alpine-2.24+dfsg1/mapi/pmapi.c:2881:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ms_global->dfd = fopen(ms_global->debugFile, "ab"); data/alpine-2.24+dfsg1/mapi/pmapi.c:2923:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(id,"<Pmapi32.%04d%02d%02d%02d%02d%02d%X.%d@%.50s>",
data/alpine-2.24+dfsg1/mapi/pmapi.h:63:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[errBufSize]; \
data/alpine-2.24+dfsg1/mapi/pmapi.h:123:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edit1[EDITLEN];
data/alpine-2.24+dfsg1/mapi/pmapi.h:124:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edit2[EDITLEN];
data/alpine-2.24+dfsg1/mapi/pmapi.h:128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[EDITLEN];
data/alpine-2.24+dfsg1/mapi/pmapi.h:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pwd[EDITLEN];
data/alpine-2.24+dfsg1/mapi/pmapi.h:130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[EDITLEN];
data/alpine-2.24+dfsg1/mapi/smapi.c:203:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ms_global->dfd = fopen(ms_global->debugFile, "ab");
data/alpine-2.24+dfsg1/mapi/smapi.c:292:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024], tmpseq[1024];
data/alpine-2.24+dfsg1/mapi/smapi.c:336:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", tmp_msgno);
data/alpine-2.24+dfsg1/mapi/smapi.c:339:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp,":%d", min(cs->open_stream->nmsgs,tmp_msgno+100));
data/alpine-2.24+dfsg1/mapi/smapi.c:375:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lpszMessageID,"%d", cur_msg);
data/alpine-2.24+dfsg1/openssl/include/openssl/camellia.h:103:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *ivec,
data/alpine-2.24+dfsg1/openssl/include/openssl/camellia.h:105:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  DEPRECATEDIN_3_0(void Camellia_ctr128_encrypt(const unsigned char *in,
data/alpine-2.24+dfsg1/openssl/include/openssl/camellia.h:106:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/camellia.h:109:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[CAMELLIA_BLOCK_SIZE],
data/alpine-2.24+dfsg1/openssl/include/openssl/camellia.h:110:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
data/alpine-2.24+dfsg1/openssl/include/openssl/des.h:35:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char DES_cblock[8];
data/alpine-2.24+dfsg1/openssl/include/openssl/des.h:36:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef /* const */ unsigned char const_DES_cblock[8];
data/alpine-2.24+dfsg1/openssl/include/openssl/ebcdic.h:31:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char os_toascii[256];
data/alpine-2.24+dfsg1/openssl/include/openssl/ebcdic.h:32:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char os_toebcdic[256];
data/alpine-2.24+dfsg1/openssl/include/openssl/err.h:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *err_data[ERR_NUM_ERRORS];
data/alpine-2.24+dfsg1/openssl/include/openssl/err.h:58:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *err_file[ERR_NUM_ERRORS];
data/alpine-2.24+dfsg1/openssl/include/openssl/err.h:60:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *err_func[ERR_NUM_ERRORS];
data/alpine-2.24+dfsg1/openssl/include/openssl/evp.h:435:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char iv[EVP_MAX_IV_LENGTH];
data/alpine-2.24+dfsg1/openssl/include/openssl/md2.h:37:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[MD2_BLOCK];
data/alpine-2.24+dfsg1/openssl/include/openssl/mdc2.h:36:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[MDC2_BLOCK];
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:25:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*block128_f) (const unsigned char in[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:26:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out[16], const void *key);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:28:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:28:61: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:30:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], int enc);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:36:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:36:61: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:38:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char ivec[16]);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:40:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:40:61: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:42:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:43:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cmac[16]);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:45:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:45:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:47:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], block128_f block);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:48:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:48:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:50:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], block128_f block);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:52:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:52:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:54:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:55:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ecount_buf[16], unsigned int *num,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:58:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:58:68: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:60:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:61:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ecount_buf[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:64:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:64:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:66:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], int *num,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:69:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:69:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:71:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], int *num,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:73:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:73:64: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:75:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], int *num,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:77:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:77:64: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:79:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], int *num,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:82:51: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:83:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *out, size_t len,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:84:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const void *key, unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:86:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:86:64: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:88:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], cbc128_f cbc);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:89:51: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:90:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *out, size_t len,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:91:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const void *key, unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:93:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:93:64: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:95:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], cbc128_f cbc);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:97:55: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:98:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *out, size_t len,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:100:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:102:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:102:68: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:104:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16], cbc128_f cbc);
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:105:55: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:106:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *out, size_t len,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:108:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ivec[16],
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:110:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:110:68: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:112:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[16], cbc128_f cbc); data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:163:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char iv[16], data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:186:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:186:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:189:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char offset_i[16], data/alpine-2.24+dfsg1/openssl/include/openssl/modes.h:191:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char checksum[16]); data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:76:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEPRECATEDIN_3_0(void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:79:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEPRECATEDIN_3_0(void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:80:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:82:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
DEPRECATEDIN_3_0(void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:83:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:86:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEPRECATEDIN_3_0(void SEED_ecb_encrypt(const unsigned char *in, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:87:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *out, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:89:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEPRECATEDIN_3_0(void SEED_cbc_encrypt(const unsigned char *in, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:90:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char *out, size_t len, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:92:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:94:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEPRECATEDIN_3_0(void SEED_cfb128_encrypt(const unsigned char *in, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:95:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *out, size_t len, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:97:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:99:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
DEPRECATEDIN_3_0(void SEED_ofb128_encrypt(const unsigned char *in, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:100:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *out, size_t len, data/alpine-2.24+dfsg1/openssl/include/openssl/seed.h:102:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[SEED_BLOCK_SIZE], data/alpine-2.24+dfsg1/openssl/include/openssl/sha.h:103:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char p[SHA512_CBLOCK]; data/alpine-2.24+dfsg1/openssl/include/openssl/whrlpool.h:37:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; data/alpine-2.24+dfsg1/openssl/include/openssl/whrlpool.h:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char data[WHIRLPOOL_BBLOCK / 8]; data/alpine-2.24+dfsg1/pico/attach.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bfn[NLINE]; data/alpine-2.24+dfsg1/pico/attach.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[NLINE], sz[32]; data/alpine-2.24+dfsg1/pico/attach.c:433:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[NLINE], /* buffers to hold it all */ data/alpine-2.24+dfsg1/pico/attach.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[NLINE]; data/alpine-2.24+dfsg1/pico/attach.c:586:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((tp = NewAttach(file, atol(size), comment)) == NULL){ data/alpine-2.24+dfsg1/pico/attach.c:616:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) knwn[i]); data/alpine-2.24+dfsg1/pico/attach.c:663:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctmp[1024]; data/alpine-2.24+dfsg1/pico/attach.c:720:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(*lp)->text[bod], &(*lp)->text[*off], data/alpine-2.24+dfsg1/pico/attach.c:779:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *no = atoi(utf8); /* and the old place in list */ data/alpine-2.24+dfsg1/pico/attach.c:1232:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(*lp)->text[eod], &(*lp)->text[*off], data/alpine-2.24+dfsg1/pico/attach.c:1446:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char b[32]; data/alpine-2.24+dfsg1/pico/blddate.c:25:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if(argc > 1 && (outfile = fopen(argv[1], "w")) == NULL){ data/alpine-2.24+dfsg1/pico/browse.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[16]; /* file's size in s */ data/alpine-2.24+dfsg1/pico/browse.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dname[NLINE]; /* this dir's name (UTF-8) */ data/alpine-2.24+dfsg1/pico/browse.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title_buf[64]; data/alpine-2.24+dfsg1/pico/browse.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *envp, child[NLINE], tmp[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:1539:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[100]; data/alpine-2.24+dfsg1/pico/browse.c:2090:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[NLINE], buf2[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2091:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[5]; data/alpine-2.24+dfsg1/pico/browse.c:2524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char titlebuf[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2525:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2526:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirbuf[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2693:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2771:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lfn[NLINE]; data/alpine-2.24+dfsg1/pico/browse.c:2785:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[20000]; data/alpine-2.24+dfsg1/pico/browse.c:2882:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[LA_TEST_BUF]; data/alpine-2.24+dfsg1/pico/buffer.c:271:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; data/alpine-2.24+dfsg1/pico/composer.c:213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE]; data/alpine-2.24+dfsg1/pico/composer.c:783:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char cmt[NLINE]; data/alpine-2.24+dfsg1/pico/composer.c:785:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE], *bfp; data/alpine-2.24+dfsg1/pico/composer.c:1268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[NLINE], fn[NLINE], sz[NLINE]; data/alpine-2.24+dfsg1/pico/composer.c:1281:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE], *bfp; data/alpine-2.24+dfsg1/pico/composer.c:1607:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xx[81]; data/alpine-2.24+dfsg1/pico/composer.c:1811:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/alpine-2.24+dfsg1/pico/composer.c:2975:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[80]; data/alpine-2.24+dfsg1/pico/composer.c:4119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char empty[1]; data/alpine-2.24+dfsg1/pico/composer.c:4661:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->finstate, finstate, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/pico/composer.c:4722:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(finstate, state->finstate, sizeof(jmp_buf)); data/alpine-2.24+dfsg1/pico/composer.c:4786:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[500]; data/alpine-2.24+dfsg1/pico/display.c:1384:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t1[NLINE], t2[NLINE], t3[NLINE], tline[NLINE]; data/alpine-2.24+dfsg1/pico/display.c:2677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[10], ch, *s; data/alpine-2.24+dfsg1/pico/display.c:2777:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vp2, vp1, term.t_ncol * sizeof(CELL)); data/alpine-2.24+dfsg1/pico/display.c:2819:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vp2, vp1, term.t_ncol * sizeof(CELL)); data/alpine-2.24+dfsg1/pico/display.c:2928:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) vscreen[i]); data/alpine-2.24+dfsg1/pico/display.c:2929:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) pscreen[i]); data/alpine-2.24+dfsg1/pico/display.c:3051:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) vscreen[i]); data/alpine-2.24+dfsg1/pico/display.c:3052:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
free((char *) pscreen[i]); data/alpine-2.24+dfsg1/pico/display.c:3455:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *obufp, *p, fkey[4]; data/alpine-2.24+dfsg1/pico/display.c:3456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[2*NLINE]; /* "2" is for space for invert tokens */ data/alpine-2.24+dfsg1/pico/display.c:3459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[NLINE]; data/alpine-2.24+dfsg1/pico/display.c:3504:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char this_label[200], tmp_label[200]; data/alpine-2.24+dfsg1/pico/edef.h:70:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opertree[NLINE+1]; /* operate within this tree */ data/alpine-2.24+dfsg1/pico/edef.h:71:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char browse_dir[NLINE+1]; /* directory of last browse (cwd) */ data/alpine-2.24+dfsg1/pico/edef.h:129:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char opertree[NLINE+1]; /* operate within this tree */ data/alpine-2.24+dfsg1/pico/edef.h:130:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char browse_dir[NLINE+1]; /* directory of last browse (cwd) */ data/alpine-2.24+dfsg1/pico/estruct.h:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_fname[NFILEN]; /* File name */ data/alpine-2.24+dfsg1/pico/estruct.h:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_bname[NBUFN]; /* Buffer name */ data/alpine-2.24+dfsg1/pico/estruct.h:340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char size[32]; data/alpine-2.24+dfsg1/pico/file.c:48:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/alpine-2.24+dfsg1/pico/file.c:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NLINE], dir[NLINE]; data/alpine-2.24+dfsg1/pico/file.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[64], *infile; data/alpine-2.24+dfsg1/pico/file.c:178:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((*Pmaster->msgntext)(atol(fname), insmsgchar)){ data/alpine-2.24+dfsg1/pico/file.c:304:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tfname[NLINE]; data/alpine-2.24+dfsg1/pico/file.c:508:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[200]; data/alpine-2.24+dfsg1/pico/file.c:568:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/alpine-2.24+dfsg1/pico/file.c:569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shows[NLINE], origshows[NLINE], *bufp; data/alpine-2.24+dfsg1/pico/file.c:620:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fn, *p, dir[NFILEN]; data/alpine-2.24+dfsg1/pico/file.c:894:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fn[NFILEN]; data/alpine-2.24+dfsg1/pico/file.c:966:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[200]; data/alpine-2.24+dfsg1/pico/file.c:1018:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *dlist, tmp[NLINE], dir[NLINE]; data/alpine-2.24+dfsg1/pico/main.c:194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; /* buffer name of file to read */ data/alpine-2.24+dfsg1/pico/main.c:352:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/alpine-2.24+dfsg1/pico/main.c:643:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_1k_buf[1000]; /* tmp buf to contain err msgs */ data/alpine-2.24+dfsg1/pico/main.c:677:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *starton = atoi(str); data/alpine-2.24+dfsg1/pico/main.c:727:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if(strcmp(str, "ntfc") == 0) ntfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:728:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "ntbc") == 0) ntbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:729:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "rtfc") == 0) rtfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:730:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "rtbc") == 0) rtbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:731:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "tbfc") == 0) tbfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:732:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if (strcmp(str, "tbbc") == 0) tbbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:733:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "klfc") == 0) klfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:734:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "klbc") == 0) klbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:735:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "knfc") == 0) knfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:736:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "knbc") == 0) knbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:737:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if (strcmp(str, "stfc") == 0) stfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:738:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "stbc") == 0) stbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:739:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "prfc") == 0) prfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:740:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "prbc") == 0) prbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:741:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "q1fc") == 0) q1fc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:742:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if (strcmp(str, "q1bc") == 0) q1bc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:743:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "q2fc") == 0) q2fc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:744:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "q2bc") == 0) q2bc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:745:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "q3fc") == 0) q3fc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:746:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "q3bc") == 0) q3bc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:747:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if (strcmp(str, "sbfc") == 0) sbfc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:748:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "sbbc") == 0) sbbc = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:749:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (strcmp(str, "ncolors") == 0) ncolors = atoi(*av); data/alpine-2.24+dfsg1/pico/main.c:998:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((userfillcol = atoi(str)) < 1) data/alpine-2.24+dfsg1/pico/main.c:1004:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(set_input_timeout(atoi(str)) < 30) data/alpine-2.24+dfsg1/pico/main.c:1181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bname[NBUFN]; data/alpine-2.24+dfsg1/pico/main.c:1227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp[2]; data/alpine-2.24+dfsg1/pico/main.c:1245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v0[100]; data/alpine-2.24+dfsg1/pico/main.c:1246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *v[2]; data/alpine-2.24+dfsg1/pico/main.c:1267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256], *errp; data/alpine-2.24+dfsg1/pico/main.c:1270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_20k_buf[SIZEOF_20KBUF]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char eb[NLINE]; /* buf holding edit command */ data/alpine-2.24+dfsg1/pico/osdep/altedit.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[128]; /* result string */ data/alpine-2.24+dfsg1/pico/osdep/altedit.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prmpt[128]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:111:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **lp, *wsp, *path, fname[MAXPATH+1]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:311:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[128]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eb[2 * PATH_MAX]; /* buf holding edit command */ data/alpine-2.24+dfsg1/pico/osdep/altedit.c:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[128]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:640:2: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR pathbuflpt[PATH_MAX+1]; data/alpine-2.24+dfsg1/pico/osdep/altedit.c:692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathcopy[PATH_MAX + 1], *dot = NULL; data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copy[NLINE]; data/alpine-2.24+dfsg1/pico/osdep/color.c:390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/alpine-2.24+dfsg1/pico/osdep/color.c:406:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bg_color_was[MAXCOLORLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/alpine-2.24+dfsg1/pico/osdep/color.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fg_color_was[MAXCOLORLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:530:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colorname[12]; data/alpine-2.24+dfsg1/pico/osdep/color.c:537:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rgb[RGBLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:880:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[12]; data/alpine-2.24+dfsg1/pico/osdep/color.c:992:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *comma, scopy[RGBLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:1001:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1007:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1010:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). b = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1442:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *comma, scopy[RGBLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:1451:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
r = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1457:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1460:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). b = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1598:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_to_a_buf[3][RGBLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:1630:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *comma, scopy[RGBLEN+1]; data/alpine-2.24+dfsg1/pico/osdep/color.c:1639:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1645:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/color.c:1648:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). b = atoi(p); data/alpine-2.24+dfsg1/pico/osdep/filesys.c:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[DIRSIZ+1]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE+1]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:485:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[50]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[_MAX_PATH]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[_MAX_PATH]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:566:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(file, "%c:%.*s", _getdrive()+'A'-1, namelen-3, name); data/alpine-2.24+dfsg1/pico/osdep/filesys.c:639:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *stack[32]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:640:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[NLINE]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:718:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[_MAX_PATH]; data/alpine-2.24+dfsg1/pico/osdep/filesys.c:977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[EXTEND_BLOCK], *errstring = NULL; data/alpine-2.24+dfsg1/pico/osdep/getkey.c:367:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inputbuf[20]; data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:72:8: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern TCHAR gszAppName[45]; data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:910:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR caption[128]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:272:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR writeAccum[WRITE_ACCUM_SIZE]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PATH_MAX+1]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:632:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR gszAppName[45]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:634:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL TCHAR TempBuf [MAXLEN_TEMPSTR]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:697:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL TCHAR gPrintFontName[LF_FACESIZE]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:698:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL TCHAR gPrintFontStyle[64]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:699:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
LOCAL TCHAR gPrintFontCharSet[256]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:826:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mswin_debugfile = fopen ("memdebug.txt", "w"); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:845:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if(strcmp((const char *)argv[i], "-nosplash") == 0){ data/alpine-2.24+dfsg1/pico/osdep/mswin.c:958:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR appIdent[32]; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:1779:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pDestCW, pSourceCW, len * sizeof(int)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:1785:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pDestAtt, pSourceAtt, len * sizeof(CharAttrib)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:1878:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy (&pTTYInfo->lfTTYFont, newFont, sizeof (LOGFONT));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:2095:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&tmpFont, &pTTYInfo->lfTTYFont,
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:2807:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR lines[8];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3122:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timestring[23];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3708:10: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR szTemp [81];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3903:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&newFont, &gpTTYInfo->lfTTYFont, sizeof (LOGFONT));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3904:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&origFont, &gpTTYInfo->lfTTYFont, sizeof (LOGFONT));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4000:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = atoi (str) * neg;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4081:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cbuf[RGBLEN+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4107:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cn[RGBLEN+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4969:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pCB, rp->pRow, rp->len * sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5027:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR buf[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5131:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tcbuf[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5446:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tcbuf[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5627:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR fname[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5759:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR buf[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5836:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tstr[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5914:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wp[WIN_POS_STR_MAX_LEN + 1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7517:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pCB, s, sSize);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8315:7: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  LOCAL TCHAR gHomeDir[PATH_MAX];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8316:7: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  LOCAL TCHAR gLastDir[PATH_MAX];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8357:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR filters[128], moniker[128];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8517:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR filters[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8671:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR filters[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8832:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8860:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8888:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8911:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8956:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char c_to_a_buf[3][RGBLEN+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9017:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fgbuf[MAXCLEN], bgbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9029:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fgbuf[MAXCLEN], bgbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9083:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fgbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9101:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bgbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fgbuf[MAXCLEN], bgbuf[MAXCLEN];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9195:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rgbbuf[MAXCLEN], *p;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9826:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pMyCopy, pCB, cbSize*sizeof(*pCB)); /* Copy data. */
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9950:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (gpPasteNext, pCB, (cbSize+1)*sizeof(TCHAR)); /* Copy data. */
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[256], *help;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10257:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR waitingFor[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10457:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR buf[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10602:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR msg[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10787:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR keybuf[MSWR_KEY_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10809:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR keybuf[MSWR_KEY_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10988:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR scheme[MSWR_KEY_MAX+1], *p;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10990:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdbuf[MSWR_DATA_MAX], *cmd = NULL;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11023:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR buf[MSWR_KEY_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11048:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR path_lptstr[MSWR_DATA_MAX];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11101:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tmp_lptstr[MSWR_DATA_MAX];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11272:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR KeyBuf[MSWR_KEY_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11273:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR ValBuf[MSWR_VAL_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11279:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR new_buf[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11349:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR KeyBuf[MSWR_KEY_MAX+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11463:9: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR ring2[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11745:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR buf[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11878:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR tcbuf[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11938:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR description[DESC_LEN+1];
data/alpine-2.24+dfsg1/pico/osdep/mswin_aspell.c:99:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR aspell_fullname[MAX_PATH + 1];
data/alpine-2.24+dfsg1/pico/osdep/mswin_aspell.c:109:9: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR aspell_path[MAX_PATH + 1];
data/alpine-2.24+dfsg1/pico/osdep/mswin_spell.c:151:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR dlg_title[256];
data/alpine-2.24+dfsg1/pico/osdep/mswin_spell.c:279:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR str_lptstr[128];
data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:307:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR msg[1024];
data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:614:13: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR link_buf[1024];
data/alpine-2.24+dfsg1/pico/osdep/newmail.c:47:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbox[256], *p;
data/alpine-2.24+dfsg1/pico/osdep/os-wnt.h:172:9: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define bcopy(a,b,s) memmove (b, a, s)
data/alpine-2.24+dfsg1/pico/osdep/signals.c:165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[NLINE];
data/alpine-2.24+dfsg1/pico/osdep/spell.c:93:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ccb[NLINE], *sp, *fn, *lp, *wsp, c, spc[NLINE];
data/alpine-2.24+dfsg1/pico/osdep/spell.c:126:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *path, fname[MAXPATH+1];
data/alpine-2.24+dfsg1/pico/osdep/spell.c:180:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[2*NLINE + 32];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:115:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char term_name[40];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:398:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(er && (rr = atoi(er)) > 0)
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:409:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(ec && (cc = atoi(ec)) > 0)
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:850:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tcapbuf[TCAPSLEN];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:872:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char term_name[40];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1063:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tcbuf[2*1024];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1065:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_str[72];
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1173:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(er && (rr = atoi(er)) > 0)
data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1184:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(ec && (cc = atoi(ec)) > 0)
data/alpine-2.24+dfsg1/pico/osdep/tty.c:169:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/pico/pico.c:154:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bname[NBUFN]; /* buffer name of file to read */
data/alpine-2.24+dfsg1/pico/pico.c:158:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chkptfile[NLINE];
data/alpine-2.24+dfsg1/pico/pico.c:1595:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char obuf[6];
data/alpine-2.24+dfsg1/pico/pico.c:1715:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char cbuf[6];
data/alpine-2.24+dfsg1/pico/pilot.c:104:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bname[NBUFN]; /* buffer name of file to read */
data/alpine-2.24+dfsg1/pico/pilot.c:105:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[NSTRING];
data/alpine-2.24+dfsg1/pico/pilot.c:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filedir[NSTRING];
data/alpine-2.24+dfsg1/pico/pilot.c:243:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_1k_buf[1000]; /* tmp buf to contain err msgs */
data/alpine-2.24+dfsg1/pico/pilot.c:395:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(set_input_timeout(atoi(str)) < 30)
data/alpine-2.24+dfsg1/pico/pilot.c:434:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp[2];
data/alpine-2.24+dfsg1/pico/pilot.c:459:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstr[256], *errp;
data/alpine-2.24+dfsg1/pico/random.c:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[80];
data/alpine-2.24+dfsg1/pico/search.c:469:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8tmp[NPMT];
data/alpine-2.24+dfsg1/pico/search.c:679:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8tmp[NPMT];
data/alpine-2.24+dfsg1/pico/search.c:945:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numpat[NPMT];
data/alpine-2.24+dfsg1/pico/word.c:652:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[100];
data/alpine-2.24+dfsg1/pico/word.c:714:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  {char num[20];
data/alpine-2.24+dfsg1/pico/word.c:720:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  quotelevel = atoi(num);
data/alpine-2.24+dfsg1/pith/abdlc.c:1615:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[6*MAX_SCREEN_COLS + 1];
data/alpine-2.24+dfsg1/pith/abdlc.c:1616:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[6*1024];
data/alpine-2.24+dfsg1/pith/abdlc.c:1617:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostbuf[128];
data/alpine-2.24+dfsg1/pith/ablookup.c:71:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:108:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:142:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:184:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:219:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:266:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:349:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save_jmp_buf, addrbook_changed_unexpectedly, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:486:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbook_changed_unexpectedly, save_jmp_buf, sizeof(jmp_buf));
data/alpine-2.24+dfsg1/pith/ablookup.c:517:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char abuf[MAX_ADDR_FIELD+1];
data/alpine-2.24+dfsg1/pith/ablookup.c:825:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrstr[500];
data/alpine-2.24+dfsg1/pith/ablookup.c:872:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[200];
data/alpine-2.24+dfsg1/pith/ablookup.c:1084:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/ablookup.c:1322:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/ablookup.c:1531:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/addrbook.c:184:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  disp_form[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/addrbook.c:188:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  disp_form[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/addrstring.c:258:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *list, *s, string[MAX_ADDR_EXPN+1];
data/alpine-2.24+dfsg1/pith/addrstring.c:434:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/adrbklib.c:147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATH], *filename;
data/alpine-2.24+dfsg1/pith/adrbklib.c:313:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH];
data/alpine-2.24+dfsg1/pith/adrbklib.c:645:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/adrbklib.c:745:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[50];
data/alpine-2.24+dfsg1/pith/adrbklib.c:1079:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/adrbklib.c:1132:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *addthis, *p, buf[1000];
data/alpine-2.24+dfsg1/pith/adrbklib.c:1233:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/adrbklib.c:1308:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/alpine-2.24+dfsg1/pith/adrbklib.c:3105:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atoi(&nickname[DELETED_LEN]);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3106:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  month = atoi(&nickname[DELETED_LEN+3]);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3107:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  day = atoi(&nickname[DELETED_LEN+6]);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3390:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datebuf[200];
data/alpine-2.24+dfsg1/pith/adrbklib.c:3998:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_before, new_ae, sizeof(AdrBk_Entry));
data/alpine-2.24+dfsg1/pith/adrbklib.c:4012:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_before, new_ae, sizeof(AdrBk_Entry));
data/alpine-2.24+dfsg1/pith/adrbklib.c:4054:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_before_prev, &ae_tmp, sizeof(ae_tmp));
data/alpine-2.24+dfsg1/pith/adrbklib.c:4069:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_before, &ae_tmp, sizeof(ae_tmp));
data/alpine-2.24+dfsg1/pith/adrbklib.c:4893:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_i, ae_hi, sizeof(ae_tmp));
data/alpine-2.24+dfsg1/pith/adrbklib.c:4894:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ae_hi, &ae_tmp, sizeof(ae_tmp));
data/alpine-2.24+dfsg1/pith/adrbklib.c:5119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char book_path[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/adrbklib.c:5231:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbuf[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/adrbklib.c:5443:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[800]; /* place to put a warning */
data/alpine-2.24+dfsg1/pith/atttype.h:31:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char size[25];
data/alpine-2.24+dfsg1/pith/atttype.h:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attrib[32],
data/alpine-2.24+dfsg1/pith/bitmap.h:31:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char bitmap_t[BM_SIZE];
data/alpine-2.24+dfsg1/pith/bldaddr.c:652:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[200];
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:176:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char inputbuf[20];
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:235:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:313:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[500];
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:381:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return(fopen(fname_to_locale(path), mode));
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:416:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return(open(fname_to_locale(path), flags, mode));
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:669:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR lptstr_env_variable[MAXPATH+1], *p;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:49:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char locale_charmap[50];
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:75:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[32];
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:691:19: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  lptstr_len = MultiByteToWideChar( CP_UTF8, 0, arg_utf8, -1, NULL, 0 );
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:695:23: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  lptstr_len = MultiByteToWideChar( CP_UTF8, 0,
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfmt[100], buf[20], *q, *pdest, *width_str, *end;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1327:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_field_width = atoi(width_str);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1348:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  field_precision = atoi(width_str);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1929:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2183:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[12];
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2261:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[3][50];
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2299:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[3][50];
data/alpine-2.24+dfsg1/pith/color.c:29:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[(2 * RGBLEN) + 5], *p;
data/alpine-2.24+dfsg1/pith/color.c:155:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fg[RGBLEN + 1], bg[RGBLEN + 1], rgbbuf[RGBLEN + 1];
data/alpine-2.24+dfsg1/pith/conf.c:1000:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH+1], *p, *db;
data/alpine-2.24+dfsg1/pith/conf.c:1002:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[MAXPATH+1], l_pinerc[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/conf.c:1059:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATH], dir[MAXPATH];
data/alpine-2.24+dfsg1/pith/conf.c:1294:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf3[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/conf.c:1612:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH+1], *p, *q, **s, *comma_index;
data/alpine-2.24+dfsg1/pith/conf.c:1752:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char **l, path[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/conf.c:1777:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char **l, path[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/conf.c:2080:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->last_expire_year = atoi(VAR_LAST_TIME_PRUNE_QUESTION);
data/alpine-2.24+dfsg1/pith/conf.c:2081:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->last_expire_month = atoi(comma_index + 1);
data/alpine-2.24+dfsg1/pith/conf.c:2160:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->printer_category = atoi(VAR_PERSONAL_PRINT_CATEGORY);
data/alpine-2.24+dfsg1/pith/conf.c:2164:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[100], wname[100];
data/alpine-2.24+dfsg1/pith/conf.c:2200:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->viewer_overlap = i = atoi(DF_OVERLAP);
data/alpine-2.24+dfsg1/pith/conf.c:2207:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->scroll_margin = i = atoi(DF_MARGIN);
data/alpine-2.24+dfsg1/pith/conf.c:2214:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->composer_fillcol = i = atoi(DF_FILLCOL);
data/alpine-2.24+dfsg1/pith/conf.c:2221:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->quote_suppression_threshold = i = atoi(DF_QUOTE_SUPPRESSION);
data/alpine-2.24+dfsg1/pith/conf.c:2240:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->deadlets = i = atoi(DF_DEADLETS);
data/alpine-2.24+dfsg1/pith/conf.c:2261:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->remote_abook_history = i = atoi(DF_REMOTE_ABOOK_HISTORY);
data/alpine-2.24+dfsg1/pith/conf.c:2268:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->remote_abook_validity = i = atoi(DF_REMOTE_ABOOK_VALIDITY);
data/alpine-2.24+dfsg1/pith/conf.c:2532:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char foreColor[64], backColor[64];
data/alpine-2.24+dfsg1/pith/conf.c:2710:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->s_pool.max_remstream = i = atoi(DF_MAXREMSTREAM);
data/alpine-2.24+dfsg1/pith/conf.c:2719:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ps->nmw_width = i = atoi(DF_NMW_WIDTH);
data/alpine-2.24+dfsg1/pith/conf.c:3491:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **p,
data/alpine-2.24+dfsg1/pith/conf.c:4573:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **tmp, **t, **list[5];
data/alpine-2.24+dfsg1/pith/conf.c:4812:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH];
data/alpine-2.24+dfsg1/pith/conf.c:4847:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char no_allow[50];
data/alpine-2.24+dfsg1/pith/conf.c:4985:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH];
data/alpine-2.24+dfsg1/pith/conf.c:5002:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[128+1], *colon = NULL, *rbrace = NULL;
data/alpine-2.24+dfsg1/pith/conf.c:5623:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char quotes[3] = {'"', '"', '\0'};
data/alpine-2.24+dfsg1/pith/conf.c:6099:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datebuf[200];
data/alpine-2.24+dfsg1/pith/conf.c:6414:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH], *p;
data/alpine-2.24+dfsg1/pith/conf.c:6427:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[MAXPATH];
data/alpine-2.24+dfsg1/pith/conf.c:6871:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[10000];
data/alpine-2.24+dfsg1/pith/conf.c:7443:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/alpine-2.24+dfsg1/pith/conf.c:7802:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[SIZEOFBUF], buf2[SIZEOFBUF]; data/alpine-2.24+dfsg1/pith/conf.c:8258:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aname[100], wname[100]; data/alpine-2.24+dfsg1/pith/conf.c:8322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[MAX_SCREEN_COLS+1], tmp[128]; data/alpine-2.24+dfsg1/pith/conf.c:8367:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "SSLv3, "); data/alpine-2.24+dfsg1/pith/conf.c:8370:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1, "); data/alpine-2.24+dfsg1/pith/conf.c:8373:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.1, "); data/alpine-2.24+dfsg1/pith/conf.c:8376:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.2, "); data/alpine-2.24+dfsg1/pith/conf.c:8379:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.3, "); data/alpine-2.24+dfsg1/pith/conf.c:8384:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "SSLv3, "); data/alpine-2.24+dfsg1/pith/conf.c:8389:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1, "); data/alpine-2.24+dfsg1/pith/conf.c:8394:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.1, "); data/alpine-2.24+dfsg1/pith/conf.c:8399:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.2, "); data/alpine-2.24+dfsg1/pith/conf.c:8404:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmp, "TLSv1.3, "); data/alpine-2.24+dfsg1/pith/conf.c:8643:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(titlebuf, "PC Alpine For Windows"); data/alpine-2.24+dfsg1/pith/conftype.h:718:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. volatile char passphrase[100]; /* storage for the entered passphrase */ data/alpine-2.24+dfsg1/pith/context.c:334:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[200]; data/alpine-2.24+dfsg1/pith/context.c:367:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; /* must be within context */ data/alpine-2.24+dfsg1/pith/context.c:385:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:421:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:485:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN],tmp2[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/context.c:496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/context.c:513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:531:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:552:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:589:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s, tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:625:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* build FQN from ambiguous name */ data/alpine-2.24+dfsg1/pith/context.c:645:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXPATH], rcontext[MAXPATH], data/alpine-2.24+dfsg1/pith/detach.c:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *status, trigger[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/detach.c:155:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char err_string[100]; data/alpine-2.24+dfsg1/pith/detach.c:533:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpath[MAXPATH+1], *p; data/alpine-2.24+dfsg1/pith/detoken.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subbuf[MAXSUB+1], *repl; data/alpine-2.24+dfsg1/pith/editorial.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[EDITORIAL_MAX]; data/alpine-2.24+dfsg1/pith/editorial.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char postfix[EDITORIAL_MAX]; data/alpine-2.24+dfsg1/pith/editorial.c:150:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char normal_embed[(2 * RGBLEN) + 5]; data/alpine-2.24+dfsg1/pith/editorial.c:151:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quote_color_embed[(2 * RGBLEN) + 5]; data/alpine-2.24+dfsg1/pith/filter.c:208:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cb[RGBLEN+1]; \ data/alpine-2.24+dfsg1/pith/filter.c:501:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[MAX(MB_LEN_MAX,32)]; data/alpine-2.24+dfsg1/pith/filter.c:622:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[MAX(MB_LEN_MAX,32)]; data/alpine-2.24+dfsg1/pith/filter.c:684:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[MAX(MB_LEN_MAX,32)]; data/alpine-2.24+dfsg1/pith/filter.c:751:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inputbuf[20]; data/alpine-2.24+dfsg1/pith/filter.c:1027:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c, obuf[MAX(MB_LEN_MAX,32)]; data/alpine-2.24+dfsg1/pith/filter.c:2851:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[HTML_BUF_LEN]; /* buffer to collect data */ data/alpine-2.24+dfsg1/pith/filter.c:4483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/alpine-2.24+dfsg1/pith/filter.c:4494:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", h->key); data/alpine-2.24+dfsg1/pith/filter.c:4974:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/pith/filter.c:5368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], *p, *q; data/alpine-2.24+dfsg1/pith/filter.c:5666:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hd->x = atol(p->value); data/alpine-2.24+dfsg1/pith/filter.c:5797:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16], tmp[16], *p; data/alpine-2.24+dfsg1/pith/filter.c:7641:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN], *bufp; data/alpine-2.24+dfsg1/pith/filter.c:7674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/filter.c:7820:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAX_ENTITY+2]; data/alpine-2.24+dfsg1/pith/filter.c:7962:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char utf8buf[8], *p1, *p2; data/alpine-2.24+dfsg1/pith/filter.c:8787:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/alpine-2.24+dfsg1/pith/filter.c:9063:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imgfile[1024]; data/alpine-2.24+dfsg1/pith/filter.c:9437:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char utf8buf[7]; data/alpine-2.24+dfsg1/pith/filter.c:9456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char special[256]; data/alpine-2.24+dfsg1/pith/filter.c:10611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cb[RGBLEN+1]; data/alpine-2.24+dfsg1/pith/filter.c:10646:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[RGBLEN+1]; data/alpine-2.24+dfsg1/pith/filter.c:10701:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cb[RGBLEN+1]; data/alpine-2.24+dfsg1/pith/filter.c:10711:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cb[RGBLEN+1]; data/alpine-2.24+dfsg1/pith/filter.c:10722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; int i; data/alpine-2.24+dfsg1/pith/filttype.h:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char queue[1 + GF_MAXBUF]; data/alpine-2.24+dfsg1/pith/filttype.h:67:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cbuf[6]; /* used for converting to or from */ data/alpine-2.24+dfsg1/pith/folder.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], dir[3]; data/alpine-2.24+dfsg1/pith/folder.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, reference[MAILTMPLEN], tmp[MAILTMPLEN], *tfolder = NULL; data/alpine-2.24+dfsg1/pith/folder.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2*MAILTMPLEN], *p, *f; /* look harder */ data/alpine-2.24+dfsg1/pith/folder.c:918:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reference[2*MAILTMPLEN], *p; data/alpine-2.24+dfsg1/pith/folder.c:1161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[1000], tmp1[1000], tmp2[1000], *l1, *l2; data/alpine-2.24+dfsg1/pith/folder.c:1552:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXFOLDER+2], *a, *b, *fn, *pat; data/alpine-2.24+dfsg1/pith/folder.c:1809:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char source[MAILTMPLEN], *target = NULL; data/alpine-2.24+dfsg1/pith/folder.c:2224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mailbox_name[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/folder.c:2374:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mailbox_name[MAILTMPLEN], *target; data/alpine-2.24+dfsg1/pith/folder.c:2375:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cn, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/foldertype.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* folder's name */ data/alpine-2.24+dfsg1/pith/help.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/alpine-2.24+dfsg1/pith/help.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ourbuf[100], *p; data/alpine-2.24+dfsg1/pith/help.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ourbuf[100], *p; data/alpine-2.24+dfsg1/pith/help.h:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[RMMSGLEN+1]; data/alpine-2.24+dfsg1/pith/help.h:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[RMTIMLEN+1]; data/alpine-2.24+dfsg1/pith/help_c_gen.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawline[10000]; data/alpine-2.24+dfsg1/pith/help_h_gen.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[10000]; data/alpine-2.24+dfsg1/pith/helpindx.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[HELP_KEY_MAX]; /* name of help section */
data/alpine-2.24+dfsg1/pith/helpindx.c:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, s[1024];
data/alpine-2.24+dfsg1/pith/helpindx.c:56:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((hp = fopen(argv[1], "rb")) == NULL){ /* problems */
data/alpine-2.24+dfsg1/pith/helpindx.c:61:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((hip = fopen(argv[2], "wb")) == NULL){ /* problems */
data/alpine-2.24+dfsg1/pith/helpindx.c:66:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((hhp = fopen(argv[3], "w")) == NULL){ /* problems */
data/alpine-2.24+dfsg1/pith/ical.c:310:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char piece[50];
data/alpine-2.24+dfsg1/pith/ical.c:720:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *longp = atoi(value);
data/alpine-2.24+dfsg1/pith/ical.c:1524:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *count = atoi(text);
data/alpine-2.24+dfsg1/pith/ical.c:1679:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char icu[6];
data/alpine-2.24+dfsg1/pith/ical.c:2207:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rv->priority = atoi(icl->value);
data/alpine-2.24+dfsg1/pith/ical.c:2254:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200], *tzid;
data/alpine-2.24+dfsg1/pith/ical.c:2304:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/pith/ical.c:2342:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200], *tzid;
data/alpine-2.24+dfsg1/pith/ical.c:2390:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200], *tzid;
data/alpine-2.24+dfsg1/pith/imap.c:73:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static volatile char private_store[1024];
data/alpine-2.24+dfsg1/pith/init.c:136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fld_dir[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/init.c:227:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAX_ADDRESS+1], domainname[MAX_ADDRESS+1];
data/alpine-2.24+dfsg1/pith/init.c:367:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char searchname[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/init.c:445:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[50];
data/alpine-2.24+dfsg1/pith/init.c:517:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spath[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/init.c:631:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[_MAX_PATH + 4];
data/alpine-2.24+dfsg1/pith/init.c:635:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fpath[MAXPATH], *fname;
data/alpine-2.24+dfsg1/pith/keyword.c:396:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100], *p;
data/alpine-2.24+dfsg1/pith/keyword.c:420:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[4];
data/alpine-2.24+dfsg1/pith/ldap.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[200];
data/alpine-2.24+dfsg1/pith/ldap.c:399:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[900];
data/alpine-2.24+dfsg1/pith/ldap.c:400:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[900];
data/alpine-2.24+dfsg1/pith/ldap.c:494:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/ldap.c:584:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostbuf[1024];
data/alpine-2.24+dfsg1/pith/ldap.c:612:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmt[500];
data/alpine-2.24+dfsg1/pith/ldap.c:714:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filt_template[TEMPLATELEN + 1];
data/alpine-2.24+dfsg1/pith/ldap.c:715:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filt_format[2*TEMPLATELEN + 1];
data/alpine-2.24+dfsg1/pith/ldap.c:716:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter[2*TEMPLATELEN + 1];
data/alpine-2.24+dfsg1/pith/ldap.c:717:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scp[2*TEMPLATELEN + 1];
data/alpine-2.24+dfsg1/pith/ldap.c:1237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char t[200];
data/alpine-2.24+dfsg1/pith/ldap.c:1453:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if((ldapport = atoi(q+1)) >= 0)
data/alpine-2.24+dfsg1/pith/mailcap.c:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s,
data/alpine-2.24+dfsg1/pith/mailcap.c:229:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filebuf[MAXPATH+1], *file_data;
data/alpine-2.24+dfsg1/pith/mailcap.c:278:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tokens[MC_TOKEN_MAX];
data/alpine-2.24+dfsg1/pith/mailcap.c:559:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_subtype[256], tmp_ext[16], *ext = NULL;
data/alpine-2.24+dfsg1/pith/mailcap.c:624:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fake_cmd[1024];
data/alpine-2.24+dfsg1/pith/mailcap.c:625:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_mime_type[256];
data/alpine-2.24+dfsg1/pith/mailcmd.c:402:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expanded_file[MAX(MAXPATH,MAILTMPLEN)+1],
data/alpine-2.24+dfsg1/pith/mailcmd.c:407:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status_msg[81];
data/alpine-2.24+dfsg1/pith/mailcmd.c:410:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp1[MAILTMPLEN], tmp2[MAILTMPLEN], *lname, *mname;
data/alpine-2.24+dfsg1/pith/mailcmd.c:450:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp3[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/mailcmd.c:1302:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_filename[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/mailcmd.c:1374:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff1[MAX_SCREEN_COLS+1], *moved_msg = NULL,
data/alpine-2.24+dfsg1/pith/mailcmd.c:1379:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ing[4];
data/alpine-2.24+dfsg1/pith/mailcmd.c:1640:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq[64];
data/alpine-2.24+dfsg1/pith/mailcmd.c:1837:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *xref, *p, *group, *uidp,
data/alpine-2.24+dfsg1/pith/mailcmd.c:1946:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[80] = {'\0'};
data/alpine-2.24+dfsg1/pith/mailcmd.c:2238:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/alpine-2.24+dfsg1/pith/mailindx.c:156:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*answer, answer_default, sizeof(answer_default));
data/alpine-2.24+dfsg1/pith/mailindx.c:311:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ss[100];
data/alpine-2.24+dfsg1/pith/mailindx.c:615:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[100 + 1];
data/alpine-2.24+dfsg1/pith/mailindx.c:715:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *w, hdrname[200];
data/alpine-2.24+dfsg1/pith/mailindx.c:787:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cdesc[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/mailindx.c:796:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cdesc[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/mailindx.c:813:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cdesc[column].hdrtok->fieldnum = atoi(q);
data/alpine-2.24+dfsg1/pith/mailindx.c:885:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cdesc[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/mailindx.c:889:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cdesc[column].req_width = atoi(q);
data/alpine-2.24+dfsg1/pith/mailindx.c:1498:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/pith/mailindx.c:1515:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/pith/mailindx.c:2007:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[BIGWIDTH+1], to_us, status, *field,
data/alpine-2.24+dfsg1/pith/mailindx.c:3053:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, buffer[BIGWIDTH+1];
data/alpine-2.24+dfsg1/pith/mailindx.c:3216:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from[BIGWIDTH+1];
data/alpine-2.24+dfsg1/pith/mailindx.c:3217:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tcnt[50];
data/alpine-2.24+dfsg1/pith/mailindx.c:3799:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1025], *p;
data/alpine-2.24+dfsg1/pith/mailindx.c:3934:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *h, *p, *q, *decoded, *fields[2];
data/alpine-2.24+dfsg1/pith/mailindx.c:4057:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pref, *h, *fields[2];
data/alpine-2.24+dfsg1/pith/mailindx.c:4119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buftmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/mailindx.c:4213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char year4[5], /* 4 digit year */
data/alpine-2.24+dfsg1/pith/mailindx.c:4292:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[200];
data/alpine-2.24+dfsg1/pith/mailindx.c:4690:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[200];
data/alpine-2.24+dfsg1/pith/mailindx.c:4853:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[200], *Ddd, *ampm;
data/alpine-2.24+dfsg1/pith/mailindx.c:4955:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[200], *Ddd, *ampm;
data/alpine-2.24+dfsg1/pith/mailindx.c:5217:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = atoi(hdrval);
data/alpine-2.24+dfsg1/pith/mailindx.c:5410:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retval = atol(fieldval);
data/alpine-2.24+dfsg1/pith/mailindx.c:5873:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sep[200];
data/alpine-2.24+dfsg1/pith/mailindx.c:6532:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/pith/mailview.c:229:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char padding[1024];
data/alpine-2.24+dfsg1/pith/mailview.c:390:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[50];
data/alpine-2.24+dfsg1/pith/mailview.c:420:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16], color[64];
data/alpine-2.24+dfsg1/pith/mailview.c:906:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[6*MAX_SCREEN_COLS + 1], *tmpp;
data/alpine-2.24+dfsg1/pith/mailview.c:1021:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[50];
data/alpine-2.24+dfsg1/pith/mailview.c:1068:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16], color[64];
data/alpine-2.24+dfsg1/pith/mailview.c:1228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbuf[FBUF_LEN+1];
data/alpine-2.24+dfsg1/pith/mailview.c:1304:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpfield[MAILTMPLEN+2]; /* copy of field with colon appended */
data/alpine-2.24+dfsg1/pith/mailview.c:1454:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[3] = {TAG_EMBED};
data/alpine-2.24+dfsg1/pith/mailview.c:1498:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, fg[RGBLEN + 1], bg[RGBLEN + 1], rgbbuf[RGBLEN + 1];
data/alpine-2.24+dfsg1/pith/mailview.c:1570:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char field[FBUF_LEN + 1];
data/alpine-2.24+dfsg1/pith/mailview.c:1571:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fg[RGBLEN + 1], bg[RGBLEN + 1], rgbbuf[RGBLEN + 1];
data/alpine-2.24+dfsg1/pith/mailview.c:1859:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256], color[256];
data/alpine-2.24+dfsg1/pith/mailview.c:2054:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char list[UES_LEN * UES_MAX];
data/alpine-2.24+dfsg1/pith/mailview.c:2416:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN+1];
data/alpine-2.24+dfsg1/pith/mailview.c:2711:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *q, *p2, buftmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/mailview.c:2839:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbuf[FBUF_LEN+1];
data/alpine-2.24+dfsg1/pith/mailview.c:2884:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbuf[FBUF_LEN+1];
data/alpine-2.24+dfsg1/pith/mailview.c:2929:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *field, *fields[2];
data/alpine-2.24+dfsg1/pith/mailview.c:3107:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char save[2];
data/alpine-2.24+dfsg1/pith/mailview.c:3139:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/mailview.h:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char charset[CSET_MAX];
data/alpine-2.24+dfsg1/pith/margin.c:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100], e[200], *err, lastchar = 0;
data/alpine-2.24+dfsg1/pith/mimedesc.c:75:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numx[NUMXLEN], string[800], *description;
data/alpine-2.24+dfsg1/pith/mimedesc.c:190:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp1[MAILTMPLEN], tmp2[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/mimedesc.c:344:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1000];
data/alpine-2.24+dfsg1/pith/mimedesc.c:451:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char body_type[TLEN + 1];
data/alpine-2.24+dfsg1/pith/mimedesc.c:517:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char type_d[200];
data/alpine-2.24+dfsg1/pith/mimedesc.c:587:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char decodebuf[10000];
data/alpine-2.24+dfsg1/pith/mimedesc.c:611:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[10], *p = NULL;
data/alpine-2.24+dfsg1/pith/mimedesc.c:774:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buftmp[MAILTMPLEN], sizebuf[256];
data/alpine-2.24+dfsg1/pith/mimetype.c:100:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mimet[128];
data/alpine-2.24+dfsg1/pith/mimetype.c:173:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/alpine-2.24+dfsg1/pith/mimetype.c:270:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[LINE_BUF_SIZE];
data/alpine-2.24+dfsg1/pith/mimetype.c:332:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[LINE_BUF_SIZE];
data/alpine-2.24+dfsg1/pith/msgno.c:533:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char b[100];
data/alpine-2.24+dfsg1/pith/newmail.c:623:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, tmp[MAILTMPLEN+1], subj_leadin[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/news.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ng_error[90], *p1, *p2, *name, *end, *ep, **server,
data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAXPATH];
data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:142:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path_copy[MAXPATH + 1], *p, *t;
data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:46:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:48:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[2][NETMAXHOST+1]; data/alpine-2.24+dfsg1/pith/osdep/color.h:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fg[MAXCOLORLEN+1]; data/alpine-2.24+dfsg1/pith/osdep/color.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bg[MAXCOLORLEN+1]; data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:80:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(dir, "XXXXXX"); data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:96:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(s, "%x%x%x", (unsigned int)(random() % 256), (unsigned int)(random() % 256), data/alpine-2.24+dfsg1/pith/osdep/debugtime.c:43:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char timestring[23]; data/alpine-2.24+dfsg1/pith/osdep/debugtime.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subsecond[8]; data/alpine-2.24+dfsg1/pith/osdep/debugtime.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestr[7]; data/alpine-2.24+dfsg1/pith/osdep/domnames.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dn, hname[MAX_ADDRESS+1]; data/alpine-2.24+dfsg1/pith/osdep/domnames.c:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, hname[MAX_ADDRESS+1]; data/alpine-2.24+dfsg1/pith/osdep/err_desc.c:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[50+1]; data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_path[_MAX_PATH], home_buf[_MAX_PATH], *temp_home_str; data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20], *tbuf; data/alpine-2.24+dfsg1/pith/osdep/forkwait.h:35:9: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define vfork fork data/alpine-2.24+dfsg1/pith/osdep/hostname.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:333:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR tmp[256]; data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:363:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buf[64]; data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:385:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR keybuf[128]; data/alpine-2.24+dfsg1/pith/osdep/pipe.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[1024]; data/alpine-2.24+dfsg1/pith/osdep/pipe.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shellpath[MAXPATH+1], *shell; data/alpine-2.24+dfsg1/pith/osdep/pipe.c:339:24: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. if((syspipe->pid = vfork()) == 0){ data/alpine-2.24+dfsg1/pith/osdep/pipe.c:484:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ebuf[512]; data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:45:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fullname[MAX_FULLNAME+1]; data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[_MAX_PATH], *p, *q; data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:117:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR lptstr_buf[_MAX_PATH]; data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:172:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lcase[256]; data/alpine-2.24+dfsg1/pith/osdep/tempfile.c:39:12: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). return(tmpfile()); data/alpine-2.24+dfsg1/pith/pattern.c:916:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH+1], buf[BUF_SIZE]; data/alpine-2.24+dfsg1/pith/pattern.c:991:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(PATTERN_FILE_VERS) < atoi(buf + len + 1)) data/alpine-2.24+dfsg1/pith/pattern.c:991:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(PATTERN_FILE_VERS) < atoi(buf + len + 1)) data/alpine-2.24+dfsg1/pith/pattern.c:1399:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atol(p); data/alpine-2.24+dfsg1/pith/pattern.c:1545:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atol(p); data/alpine-2.24+dfsg1/pith/pattern.c:1840:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). left = atol(q); data/alpine-2.24+dfsg1/pith/pattern.c:1855:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). right = atol(q); data/alpine-2.24+dfsg1/pith/pattern.c:1920:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[20], rbuf[20], buf[45], *p; data/alpine-2.24+dfsg1/pith/pattern.c:1972:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024], nbuf[10]; data/alpine-2.24+dfsg1/pith/pattern.c:2009:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *q, *w, hdrname[200]; data/alpine-2.24+dfsg1/pith/pattern.c:2051:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
hdrtok->fieldnum = atoi(q); data/alpine-2.24+dfsg1/pith/pattern.c:2120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ptr, buf[1024], nbuf[10], *p1, *p2, *p3; data/alpine-2.24+dfsg1/pith/pattern.c:2171:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hdrtok->fieldnum = atoi(fn); data/alpine-2.24+dfsg1/pith/pattern.c:2362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copy[50]; /* local copy of label */ data/alpine-2.24+dfsg1/pith/pattern.c:2363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copynot[50]; /* local copy of label, NOT'ed */ data/alpine-2.24+dfsg1/pith/pattern.c:3962:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *ptr, buf[256], *p1, *p2; data/alpine-2.24+dfsg1/pith/pattern.c:3981:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/pith/pattern.c:4045:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/pith/pattern.c:5433:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp1[MAILTMPLEN], tmp2[MAX(MAILTMPLEN,NETMAXMBX)]; data/alpine-2.24+dfsg1/pith/pattern.c:7004:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busymsg[80]; data/alpine-2.24+dfsg1/pith/pattern.c:7907:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_SCREEN_COLS+1], sbuf[MAX_SCREEN_COLS+1]; data/alpine-2.24+dfsg1/pith/pattern.c:8026:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150], *seq; data/alpine-2.24+dfsg1/pith/pattern.c:8126:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[200], c[200], *p; data/alpine-2.24+dfsg1/pith/remote.c:400:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sequence[20]; data/alpine-2.24+dfsg1/pith/remote.c:506:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[MAXPATH+1], path[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/remote.c:621:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/remote.c:840:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/remote.c:996:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/remote.c:1240:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[200]; data/alpine-2.24+dfsg1/pith/remote.c:1428:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[3], *values[3]; data/alpine-2.24+dfsg1/pith/remote.c:1709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vers[50], *p; data/alpine-2.24+dfsg1/pith/remote.c:1786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[200]; data/alpine-2.24+dfsg1/pith/remote.c:1825:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sequence[20]; data/alpine-2.24+dfsg1/pith/remote.c:1908:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[500]; data/alpine-2.24+dfsg1/pith/remote.c:2265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[200]; data/alpine-2.24+dfsg1/pith/remote.c:2781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[3], *values[3], *h; data/alpine-2.24+dfsg1/pith/reply.c:256:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *h, *fields[2]; data/alpine-2.24+dfsg1/pith/reply.c:262:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, fname[32]; data/alpine-2.24+dfsg1/pith/reply.c:702:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *hdrs, *values[RESENTCC+1]; data/alpine-2.24+dfsg1/pith/reply.c:866:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *prefix, *repl, *p, buf[MAX_PREFIX+1], pbf[MAX_SUBSTITUTION+1]; data/alpine-2.24+dfsg1/pith/reply.c:893:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buftmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/reply.c:1778:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[100]; data/alpine-2.24+dfsg1/pith/reply.c:2046:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_DELIM+1]; data/alpine-2.24+dfsg1/pith/reply.c:2081:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buftmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/reply.c:2313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buftmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/reply.c:2371:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmp_text, *section, sect_buf[256]; data/alpine-2.24+dfsg1/pith/reply.c:3058:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[PARTTMPLEN], *p = NULL; data/alpine-2.24+dfsg1/pith/reply.c:3113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subsection[256], *subp; data/alpine-2.24+dfsg1/pith/reply.c:3379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/alpine-2.24+dfsg1/pith/reply.c:3380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rev[128]; data/alpine-2.24+dfsg1/pith/reply.c:3703:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_buf[FWDTMPLEN]; data/alpine-2.24+dfsg1/pith/reply.c:3706:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *section, sect_buf[256]; data/alpine-2.24+dfsg1/pith/reply.c:3797:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[FWDTMPLEN]; data/alpine-2.24+dfsg1/pith/rfc2231.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pieces[RFC2231_MAX]; data/alpine-2.24+dfsg1/pith/rfc2231.c:212:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[3], *p; data/alpine-2.24+dfsg1/pith/save.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fakedomain[2]; data/alpine-2.24+dfsg1/pith/save.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX(MAXFOLDER,MAX_NICKNAME) + 1]; data/alpine-2.24+dfsg1/pith/save.c:213:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *extras, *values[sizeof(fields)/sizeof(fields[0])]; data/alpine-2.24+dfsg1/pith/save.c:564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummymsg[1000]; data/alpine-2.24+dfsg1/pith/save.c:1096:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char section[64]; data/alpine-2.24+dfsg1/pith/save.c:1143:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[128]; data/alpine-2.24+dfsg1/pith/save.c:1229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char section[64]; data/alpine-2.24+dfsg1/pith/save.c:1304:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq[20]; data/alpine-2.24+dfsg1/pith/save.c:1331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/alpine-2.24+dfsg1/pith/save.c:1462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *txtp, newsect[128]; data/alpine-2.24+dfsg1/pith/save.c:1472:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *subsect, boundary[BOUNDARYLEN]; data/alpine-2.24+dfsg1/pith/save.c:1616:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *tmp, namebuf[MAILTMPLEN], descbuf[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/save.c:1725:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[100]; /* a number bigger than 68, we justify text here. */ data/alpine-2.24+dfsg1/pith/save.c:1733:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%*.*s", depth, depth, " "); data/alpine-2.24+dfsg1/pith/save.c:1808:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *q, tmp[MAILTMPLEN], *fullname = NULL; data/alpine-2.24+dfsg1/pith/send.c:328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hdrs[2], *h, *charset; data/alpine-2.24+dfsg1/pith/send.c:454:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. p = (char *)rfc1522_decode_to_utf8((unsigned char*)bufp, len, values[i]); data/alpine-2.24+dfsg1/pith/send.c:627:31: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (*redraft_pos)->offset = atol(q1); data/alpine-2.24+dfsg1/pith/send.c:1108:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((i = atoi(s+1)) && i < strlen(p)){ data/alpine-2.24+dfsg1/pith/send.c:1129:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((nseq = atoi(seq)) && isdigit(*(seq = p)) data/alpine-2.24+dfsg1/pith/send.c:1555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/alpine-2.24+dfsg1/pith/send.c:1685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char error_buf[200], *error_mess = NULL, *postcmd; data/alpine-2.24+dfsg1/pith/send.c:1861:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cmdlist[2]; data/alpine-2.24+dfsg1/pith/send.c:2245:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[50]; data/alpine-2.24+dfsg1/pith/send.c:2359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *errstr, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:2422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buf[80]; data/alpine-2.24+dfsg1/pith/send.c:2847:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/ data/alpine-2.24+dfsg1/pith/send.c:3167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAX_SINGLE_ADDR], *tmpptr = NULL; data/alpine-2.24+dfsg1/pith/send.c:3169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *delim, *ptmp, *mtmp, buftmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:3518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sstring[MAILTMPLEN], *label; /* place to write */ data/alpine-2.24+dfsg1/pith/send.c:4246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:4399:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:4461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:5322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *error_mess, error_buf[200], **news_servers; data/alpine-2.24+dfsg1/pith/send.c:5473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[SENDTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:5506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_buf[256]; data/alpine-2.24+dfsg1/pith/send.c:5602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[200]; data/alpine-2.24+dfsg1/pith/send.c:5732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/send.c:5845:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ret, s, n); data/alpine-2.24+dfsg1/pith/send.c:5854:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((ret = sp = (char *) fs_get (n)), s, n); data/alpine-2.24+dfsg1/pith/send.c:5884:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, sp, n); /* copy first part */ data/alpine-2.24+dfsg1/pith/send.c:5885:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret + n, s, m); /* and second part */ data/alpine-2.24+dfsg1/pith/smime.c:118:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH+1], pathkey[MAXPATH+1], prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smime.c:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathdir[MAXPATH+1], pathkey[MAXPATH+1], fpath[MAXPATH+1], pathcert[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fpath2[MAXPATH+1], prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smime.c:290:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], *s, *t, c; data/alpine-2.24+dfsg1/pith/smime.c:450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *path, buf[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:493:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], *s, *t; data/alpine-2.24+dfsg1/pith/smime.c:571:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pass[MAILTMPLEN+1]; data/alpine-2.24+dfsg1/pith/smime.c:609:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPATH+1], full_filename[MAXPATH+1], buf[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:641:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char PrivateKeyPath[MAXPATH+1], PublicCertPath[MAXPATH+1], s[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:642:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_name_key[MAXPATH+1], full_name_cert[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:644:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[500]; data/alpine-2.24+dfsg1/pith/smime.c:753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smime.c:762:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smime.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt[500], *s, *t; data/alpine-2.24+dfsg1/pith/smime.c:1064:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[RANDBUFLEN]; data/alpine-2.24+dfsg1/pith/smime.c:1094:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXPATH]; data/alpine-2.24+dfsg1/pith/smime.c:1106:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd = open(tmp, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) data/alpine-2.24+dfsg1/pith/smime.c:1129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[200]; data/alpine-2.24+dfsg1/pith/smime.c:1302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[MAXPATH], *fname; data/alpine-2.24+dfsg1/pith/smime.c:1310:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[_MAX_PATH + 4]; data/alpine-2.24+dfsg1/pith/smime.c:1373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH+1], *contents; data/alpine-2.24+dfsg1/pith/smime.c:1440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH+1], *contents; data/alpine-2.24+dfsg1/pith/smime.c:1701:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcpath[MAXPATH+1], dstpath[MAXPATH+1], emailaddr[MAXPATH], file[MAXPATH], line[4096]; data/alpine-2.24+dfsg1/pith/smime.c:1709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[_MAX_PATH + 4]; data/alpine-2.24+dfsg1/pith/smime.c:1951:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char datebuf[200]; data/alpine-2.24+dfsg1/pith/smime.c:2012:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATH+1], file[MAXPATH+1], buf[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smime.c:2013:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iobuf[4096]; data/alpine-2.24+dfsg1/pith/smime.c:2412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH]; data/alpine-2.24+dfsg1/pith/smime.c:2588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH]; data/alpine-2.24+dfsg1/pith/smime.c:2744:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufcert[256], bufx[256]; data/alpine-2.24+dfsg1/pith/smime.c:3064:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newSec[100], *mimetext, *bodytext; data/alpine-2.24+dfsg1/pith/smime.c:3320:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char null[1]; data/alpine-2.24+dfsg1/pith/smime.c:3585:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newSec[100]; data/alpine-2.24+dfsg1/pith/smkeys.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/alpine-2.24+dfsg1/pith/smkeys.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smkeys.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passbackup[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smkeys.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXPATH+1], password[1024]; data/alpine-2.24+dfsg1/pith/smkeys.c:193:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(tmp, "w")) != NULL data/alpine-2.24+dfsg1/pith/smkeys.c:242:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(tmp, "w")) != NULL data/alpine-2.24+dfsg1/pith/smkeys.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smkeys.c:300:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAXPATH+1]; /* path to where the backup is */ data/alpine-2.24+dfsg1/pith/smkeys.c:301:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[MAXPATH+1], buf2[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smkeys.c:309:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[_MAX_PATH + 4]; data/alpine-2.24+dfsg1/pith/smkeys.c:351:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clname[MAXPATH+1]; data/alpine-2.24+dfsg1/pith/smkeys.c:496:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/pith/smkeys.c:571:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md[128]; data/alpine-2.24+dfsg1/pith/smkeys.c:635:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iobuf[4096]; data/alpine-2.24+dfsg1/pith/smkeys.c:636:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smkeys.c:637:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/pith/smkeys.c:692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH], *fname; data/alpine-2.24+dfsg1/pith/smkeys.c:698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[_MAX_PATH + 4]; data/alpine-2.24+dfsg1/pith/smkeys.c:836:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATH], file[MAXPATH]; data/alpine-2.24+dfsg1/pith/smkeys.c:964:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char path[MAXPATH];
data/alpine-2.24+dfsg1/pith/smkeys.c:965:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fpath[MAXPATH];
data/alpine-2.24+dfsg1/pith/smkeys.c:1077:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datebuf[200];
data/alpine-2.24+dfsg1/pith/smkeys.c:1119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char certfilename[MAXPATH];
data/alpine-2.24+dfsg1/pith/smkeys.c:1146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char certfilename[MAXPATH];
data/alpine-2.24+dfsg1/pith/smkeys.c:1147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char emailaddr[MAXPATH];
data/alpine-2.24+dfsg1/pith/smkeys.c:1292:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufn[_MAX_PATH + 4];
data/alpine-2.24+dfsg1/pith/smkeys.c:1299:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATH+1], pathcert[MAXPATH+1], *fname;
data/alpine-2.24+dfsg1/pith/smkeys.c:1484:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iobuf[4096];
data/alpine-2.24+dfsg1/pith/sort.c:99:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_msg[MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/pith/state.c:65:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_20k_buf[SIZEOF_20KBUF];
data/alpine-2.24+dfsg1/pith/state.h:108:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbox_name[MAXFOLDER+1];
data/alpine-2.24+dfsg1/pith/state.h:109:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pine_pre_vers[10]; /* highest version previously run */
data/alpine-2.24+dfsg1/pith/state.h:110:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vers_internal[10];
data/alpine-2.24+dfsg1/pith/state.h:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_folder[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/state.h:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_unambig_folder[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/state.h:121:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_save_folder[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/state.h:279:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c_client_error[300]; /* when nowhow_error is set and PARSE */
data/alpine-2.24+dfsg1/pith/state.h:369:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_error[500];
data/alpine-2.24+dfsg1/pith/store.c:405:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/pith/store.c:443:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char obuf[MAX(MB_LEN_MAX,32)];
data/alpine-2.24+dfsg1/pith/store.c:610:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(so->dp, s, slen);
data/alpine-2.24+dfsg1/pith/store.c:670:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ch[1];
data/alpine-2.24+dfsg1/pith/store.c:687:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ch[1];
data/alpine-2.24+dfsg1/pith/stream.c:137:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp1[MAILTMPLEN], tmp2[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:230:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:814:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:878:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:945:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:946:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailbox_nodelim[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:1023:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:1105:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:1106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailbox_nodelim[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:1619:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char imap_cache_section[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:1831:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:1911:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2*MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:1933:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[MAILTMPLEN], *target = NULL;
data/alpine-2.24+dfsg1/pith/stream.c:2261:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cn, tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/stream.c:3376:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/string.c:532:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[251];
data/alpine-2.24+dfsg1/pith/string.c:797:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[120];
data/alpine-2.24+dfsg1/pith/string.c:870:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[120];
data/alpine-2.24+dfsg1/pith/string.c:905:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[120];
data/alpine-2.24+dfsg1/pith/string.c:940:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[120];
data/alpine-2.24+dfsg1/pith/string.c:1000:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char digmon[3];
data/alpine-2.24+dfsg1/pith/string.c:1005:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atoi(s);
data/alpine-2.24+dfsg1/pith/string.c:1035:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atoi(s + 4);
data/alpine-2.24+dfsg1/pith/string.c:1162:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->day = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1183:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->day = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1194:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->hour = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1199:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->minute = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1203:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->sec = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1216:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->year = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1236:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->hour = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1241:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->minute = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1246:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->sec = atoi(p);
data/alpine-2.24+dfsg1/pith/string.c:1266:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[3];
data/alpine-2.24+dfsg1/pith/string.c:1272:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->hours_off_gmt *= atoi(tmp);
data/alpine-2.24+dfsg1/pith/string.c:1276:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d->min_off_gmt *= atoi(tmp);
data/alpine-2.24+dfsg1/pith/string.c:1312:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char datebuf[26];
data/alpine-2.24+dfsg1/pith/string.c:1396:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bb[3][MAX_SCREEN_COLS+1];
data/alpine-2.24+dfsg1/pith/string.c:1425:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *a, aa[5];
data/alpine-2.24+dfsg1/pith/string.c:1428:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[10];
data/alpine-2.24+dfsg1/pith/string.c:1468:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char enth[10];
data/alpine-2.24+dfsg1/pith/string.c:1747:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[20];
data/alpine-2.24+dfsg1/pith/string.c:1757:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[20];
data/alpine-2.24+dfsg1/pith/string.c:1767:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[20];
data/alpine-2.24+dfsg1/pith/string.c:2932:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char symbols[8];
data/alpine-2.24+dfsg1/pith/takeaddr.c:871:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *h, *fields[2];
data/alpine-2.24+dfsg1/pith/takeaddr.c:876:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, fname[32];
data/alpine-2.24+dfsg1/pith/takeaddr.c:1822:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXLINESZ + 1];
data/alpine-2.24+dfsg1/pith/tempfile.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[MAXPATH+1];
data/alpine-2.24+dfsg1/pith/text.c:407:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/alpine-2.24+dfsg1/pith/text.c:432:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buftmp[MAILTMPLEN];
data/alpine-2.24+dfsg1/pith/text.c:474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, color[64], buf[2048];
data/alpine-2.24+dfsg1/pith/text.c:642:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[500];
data/alpine-2.24+dfsg1/pith/text.c:644:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cestart[2 * RGBLEN + 5];
data/alpine-2.24+dfsg1/pith/text.c:645:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ceend[2 * RGBLEN + 5];
data/alpine-2.24+dfsg1/regex/engine.c:1034:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pbuf[10];
data/alpine-2.24+dfsg1/regex/engine.c:1037:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pbuf, "%c", ch);
data/alpine-2.24+dfsg1/regex/engine.c:1039:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pbuf, "\\%o", ch);
data/alpine-2.24+dfsg1/regex/regcomp.c:128:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nuls[10]; /* place to point scanner in event of error */
data/alpine-2.24+dfsg1/regex/regcomp.c:927:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[3];
data/alpine-2.24+dfsg1/regex/regcomp.c:970:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[4];
data/alpine-2.24+dfsg1/regex/regcomp.c:1394:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy((char *)(p->strip + p->slen),
data/alpine-2.24+dfsg1/regex/regerror.c:122:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convbuf[50];
data/alpine-2.24+dfsg1/regex/regerror.c:135:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(convbuf, "REG_0x%x", target);
data/alpine-2.24+dfsg1/regex/regerror.c:170:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(localbuf, "%d", r->code);
data/alpine-2.24+dfsg1/regex/regexec.c:118:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define ASSIGN(d, s) memcpy(d, s, m->g->nstates)
data/alpine-2.24+dfsg1/regex/utils.h:59:26: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memmove(d, s, c) bcopy(s, d, c)
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:168:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char peCredentialRequestor[CRED_REQ_SIZE];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:259:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fg[7];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:260:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bg[7];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:261:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fgdef[7];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:262:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bgdef[7];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:331:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wtmp_20k_buf[20480];
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:549:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *buf, sname[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:743:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[5120]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:950:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tvname[256], asciicolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1240:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1252:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1265:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char key[64]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1537:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[50]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1660:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tvname[256], hexcolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1668:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexcolor[256], *tstr = NULL; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1731:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *vallist, *varname, tmperrmsg[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2014:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **help_text, **ptext, *helpname, tmperrmsg[256], data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2203:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tvname[256], asciicolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3086:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpath[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tvname[256], hexcolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3201:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexcolor[256], *tstr = NULL; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3606:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nick, *server, *path, *view, context_buf[MAILTMPLEN*4]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char datebuf[200], *sig, *line; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3823:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(rd->lf, "w")) != NULL) data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4036:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char putenvbuf[PUTENV_MAX]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4145:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4235:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4280:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1025]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4565:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(path + size, portion, len); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4580:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *op, errbuf[256], *err = "Unknown PEFolder request"; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4647:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpath[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4709:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delim[2] = {'\0', '\0'}; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4744:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *folder, tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4942:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *folder, *dfile, seq[64], tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:5052:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *folder, *sfile, seq[64]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:5183:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[3], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:5546:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *op, errbuf[256], *err = "Unknown PEMailbox operation"; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:5804:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat[3]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:5971:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char subject[500], subjtxt[500], from[500], intro[500], *s = ""; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:6861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tense, *year, *month, *day, buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7366:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[WP_MAX_POST_ERROR + 1], *rs = NULL; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *name, wbuf[4], *dname; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *err, errbuf[256], *cmd, *op; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7722:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstr[WP_MAX_THRD_PREFIX]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:7857:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *err, errbuf[256], *cmd; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *line, *p, *tp, *tp2, col1[32], col2[32]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8446:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b + strlen(b), "%2.2x", color); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8517:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8554:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8574:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p2, buftmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8696:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field, *fields[2]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8814:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8867:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8978:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9096:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cid, sect_buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subsection[256], *subp; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9143:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(subp, "%d", n++); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9334:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(ep, "%.*s", ie->wid, ie->data); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9349:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexcolor[32]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexfg[32], hexbg[32]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9467:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[36]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10427:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extbuf[32]; /* mailcap.c limits to three */ data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *sval, nbuf[128]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10853:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && (rv = atoi(pine_state->VAR_TCPOPENTIMEO)) > 4) data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10858:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && ((rv = atoi(pine_state->VAR_RSHOPENTIMEO)) == 0 || rv > 4)) data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10862:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && ((rv = atoi(pine_state->VAR_SSHOPENTIMEO)) == 0 || rv > 4)) data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10924:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int w = atoi(wps_global->VAR_WP_COLUMNS); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11026:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[CRED_REQ_SIZE]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11782:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errp, "Send Error: %.*s", 64, wps_global->last_error); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11785:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errp, "Send Error: %.*s", 64, wps_global->c_client_error); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11788:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errp, "Sending Failure"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11794:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errp, "Fcc Failed!. No message saved."); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11831:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errp, "Can't open Fcc"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11964:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uidbuf[MAILTMPLEN], *p; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12188:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *name, *rs, path_in_context[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12314:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(err = wtmp_20k_buf, "Unknown attachment ID"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12332:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(err = wtmp_20k_buf, "Unrecognized Fcc specification"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12349:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(err = wtmp_20k_buf, "Malformed Post Option: fcc-without-attachments"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12429:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(err = wtmp_20k_buf, "Malformed Post Option"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12508:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(*valp = fs_get((vl + 1) * sizeof(char)), "%.*s", vl, value); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12512:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(valcpy = fs_get((vl + 1) * sizeof(char)), "%.*s", vl, value); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12544:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[WP_MAX_POST_ERROR + 1], *charset; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12554:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(err = wtmp_20k_buf, "Address must be fully qualified."); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12870:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:12980:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *s; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13035:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *s; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13576:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nick, buf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nick, *fn, *fcc, *comment, *addrfield, data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char asciicolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char asciicolor[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14208:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
long scoreval = (long) atoi(actval); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14686:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nick, *server, *path, *view, data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15249:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). whichi = atoi(tmp); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15257:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). whichj = atoi(tmp); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15372:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(tmp) == i) numset++; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15391:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if(atoi(tmp) == i) setit++; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15402:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lset[i][j++] = atoi(tmp); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15695:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path2[MAXPATH+1], tmp[21]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15770:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tstr, *p, *p2, tbuf[256]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15773:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(hexcolor, "000000"); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15779:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(tbuf); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15780:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(hexcolor, "%2.2x", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15785:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(tbuf); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15786:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hexcolor+2, "%2.2x", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15789:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(tbuf); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15790:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hexcolor+4, "%2.2x", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15818:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(acolor, "%3.3d,", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15824:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(acolor+4, "%3.3d,", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15830:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(acolor+8, "%3.3d", i); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t,*t1,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15993:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subject[MAILTMPLEN+1], subjtext[MAILTMPLEN+1], from[MAILTMPLEN+1], data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:16208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rev[128]; data/alpine-2.24+dfsg1/web/src/alpined.d/alpineldap.c:79:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peCredentialRequestor[CRED_REQ_SIZE]; data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:303:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[12]; data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:309:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuf, "color%3.3d", color); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:326:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_to_a_buf[3][RGBLEN+1]; data/alpine-2.24+dfsg1/web/src/alpined.d/debug.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt2[MAX_DEBUG_FMT], *p, *q, *trailing = NULL; data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[300]; data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:278:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(user, "anonymous"); data/alpine-2.24+dfsg1/web/src/alpined.d/ldap.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adrstr[1024]; data/alpine-2.24+dfsg1/web/src/alpined.d/ldap.c:105:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(adrstr, "(mail=%.500s@%.500s)", mailbox, host); data/alpine-2.24+dfsg1/web/src/alpined.d/remote.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2000]; data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[READBUF], lbuf[32], *errbuf = NULL, rbuf[RESULT_MAX], *fname, *cmd; data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:79:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. && (cmd = (char *) Tcl_GetByteArrayFromObj(objv[2], &wlen))){ data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:68:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&auth_gss_proxy_mech,&gss_mech_krb5,sizeof (gss_OID)); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&auth_gss_proxy_mech_set,&gss_mech_set_krb5,sizeof (gss_OID_set)); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:182:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"auth_gss_proxy: read error: %lu out of %lu", data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:187:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"auth_gss_proxy: could not spawn proxy process"); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:198:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (err,"auth_gss_proxy: read error: %lu out of %lu", data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:230:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"auth_gss_proxy: read error: %lu out of %lu", data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:245:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (err,"auth_gss_proxy: unknown command: %lu",cmd[0]); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:270:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s,tmp[MAILTMPLEN]; data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:319:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (resp.value = tmp,(void *) &maxsize,resp.length = 4); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:328:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. && memcpy (tmp,chal.value,chal.length) && data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[1]; data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->name,name,size + 1); data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[NAME_MAX + 7]; data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:218:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path,"/proc/",6); data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:268:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kep->key,key,(WP_KEY_LEN * sizeof(unsigned int))); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:43:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name,pw->pw_name,len); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userbuf[WP_BUF_SIZE]; data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (buf.value,resp.value,4); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:314:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(user) memcpy((char*)buf.value + 4, user, buf.length - 4); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_tclsh.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *user,sessid[WP_BUF_SIZE],*cookie; data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[WP_BUF_SIZE],cbuf[WP_BUF_SIZE],rcmd; data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[2 * WP_BUF_SIZE],*sep = strerror(errno); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:245:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sbuf + strlen(sbuf), "%u,", kbuf[i]); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_umc.c:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[WP_BUF_SIZE],sessid[WP_BUF_SIZE]; data/alpine-2.24+dfsg1/alpine/addrbook.c:599:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writeptr, string, LSPACE()); data/alpine-2.24+dfsg1/alpine/addrbook.c:609:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e_hilite = writeptr + strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:612:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:636:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writeptr, string, LSPACE()); data/alpine-2.24+dfsg1/alpine/addrbook.c:646:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e_hilite = writeptr + strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:649:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:694:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:715:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:732:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:738:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(width2 && LSPACE() >= strlen(_("(continued)"))){ data/alpine-2.24+dfsg1/alpine/addrbook.c:739:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(writeptr, _("(continued)"), width2); data/alpine-2.24+dfsg1/alpine/addrbook.c:741:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:768:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writeptr, string, LSPACE()); data/alpine-2.24+dfsg1/alpine/addrbook.c:772:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e_hilite = writeptr + strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:775:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:787:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(special, string, sizeof(special)); data/alpine-2.24+dfsg1/alpine/addrbook.c:806:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:824:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:837:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e_hilite = writeptr + strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:840:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:865:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:889:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:913:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:936:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(special, string, sizeof(special)); data/alpine-2.24+dfsg1/alpine/addrbook.c:971:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writeptr, special, LSPACE()); data/alpine-2.24+dfsg1/alpine/addrbook.c:978:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e_hilite = writeptr + strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:981:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeptr += strlen(writeptr); data/alpine-2.24+dfsg1/alpine/addrbook.c:3138:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nickbuf, data/alpine-2.24+dfsg1/alpine/addrbook.c:3193:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(abe && avail < (size_t)strlen(a_string)+1){ data/alpine-2.24+dfsg1/alpine/addrbook.c:3200:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(to, a_string, alloced); data/alpine-2.24+dfsg1/alpine/addrbook.c:3204:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. 
strncat(to, ",", alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/addrbook.c:3204:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, ",", alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/addrbook.c:3205:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(to, a_string, alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/addrbook.c:3205:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, a_string, alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/addrbook.c:3208:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). avail -= (strlen(a_string) + 1); data/alpine-2.24+dfsg1/alpine/addrbook.c:3294:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 4*strlen(addr)+1; data/alpine-2.24+dfsg1/alpine/addrbook.c:5694:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((n = 4*strlen(abe->extra)) > SIZEOF_20KBUF-1){ data/alpine-2.24+dfsg1/alpine/addrbook.c:6324:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(search_string, p, sizeof(search_string)); data/alpine-2.24+dfsg1/alpine/addrbook.c:6419:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nsearch_string, p, sizeof(nsearch_string)); data/alpine-2.24+dfsg1/alpine/addrbook.c:6429:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nsearch_string, p, sizeof(nsearch_string)); data/alpine-2.24+dfsg1/alpine/addrbook.c:6449:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(search_string, nsearch_string, sizeof(search_string)-1); data/alpine-2.24+dfsg1/alpine/addrbook.c:6829:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((n = 4*strlen(abe->extra)) > SIZEOF_20KBUF-1){ data/alpine-2.24+dfsg1/alpine/addrbook.c:7066:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ALC_INCLUDE_ADDRS | ((strlen(prefix) >= 3) ? ALC_INCLUDE_LDAP : 0)); data/alpine-2.24+dfsg1/alpine/addrbook.c:7102:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(unambig, prefix, sizeof(unambig)); data/alpine-2.24+dfsg1/alpine/addrbook.c:7104:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = strlen(unambig); data/alpine-2.24+dfsg1/alpine/addrbook.c:7113:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(!(cp->matches_bitmap & ALC_NICK) || (cp->nickname && strlen(cp->nickname) >= k && !struncmp(unambig, cp->nickname, k))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7115:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & ALC_ADDR) || (cp->addr && strlen(cp->addr) >= k && !struncmp(unambig, cp->addr, k))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7117:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && !struncmp(unambig, cp->full_address, k)) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && !struncmp(unambig, cp->rev_fullname, k)))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7117:247: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && !struncmp(unambig, cp->full_address, k)) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && !struncmp(unambig, cp->rev_fullname, k)))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7125:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(completions->matches_bitmap & ALC_NICK && completions->nickname && strlen(completions->nickname) >= k) data/alpine-2.24+dfsg1/alpine/addrbook.c:7127:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(completions->matches_bitmap & ALC_ADDR && completions->addr && strlen(completions->addr) >= k) data/alpine-2.24+dfsg1/alpine/addrbook.c:7130:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(completions->matches_bitmap & ALC_FULL && completions->full_address && strlen(completions->full_address) >= k) data/alpine-2.24+dfsg1/alpine/addrbook.c:7133:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(completions->matches_bitmap & ALC_REVFULL && completions->rev_fullname && strlen(completions->rev_fullname) >= k) data/alpine-2.24+dfsg1/alpine/addrbook.c:7149:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & ALC_NICK) || (cp->nickname && strlen(cp->nickname) >= k && cp->nickname[k] == cand1_kth_char)) data/alpine-2.24+dfsg1/alpine/addrbook.c:7151:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & ALC_ADDR) || (cp->addr && strlen(cp->addr) >= k && cp->addr[k] == cand1_kth_char)) data/alpine-2.24+dfsg1/alpine/addrbook.c:7153:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && cp->full_address[k] == cand1_kth_char) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && cp->rev_fullname[k] == cand1_kth_char))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7153:249: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && cp->full_address[k] == cand1_kth_char) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && cp->rev_fullname[k] == cand1_kth_char))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7161:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & ALC_NICK) || (cp->nickname && strlen(cp->nickname) >= k && cp->nickname[k] == cand2_kth_char)) data/alpine-2.24+dfsg1/alpine/addrbook.c:7163:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & ALC_ADDR) || (cp->addr && strlen(cp->addr) >= k && cp->addr[k] == cand2_kth_char)) data/alpine-2.24+dfsg1/alpine/addrbook.c:7165:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && cp->full_address[k] == cand2_kth_char) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && cp->rev_fullname[k] == cand2_kth_char))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7165:249: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!(cp->matches_bitmap & (ALC_FULL | ALC_REVFULL)) || ((cp->matches_bitmap & ALC_FULL && cp->full_address && strlen(cp->full_address) >= k && cp->full_address[k] == cand2_kth_char) || (cp->matches_bitmap & ALC_REVFULL && cp->rev_fullname && strlen(cp->rev_fullname) >= k && cp->rev_fullname[k] == cand2_kth_char))) data/alpine-2.24+dfsg1/alpine/addrbook.c:7196:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(saved_beginning); data/alpine-2.24+dfsg1/alpine/addrbook.c:7197:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(potential_answer); data/alpine-2.24+dfsg1/alpine/addrbook.c:7199:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*answer, saved_beginning, l1+l2); data/alpine-2.24+dfsg1/alpine/addrbook.c:7200:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*answer+l1, potential_answer, l2); data/alpine-2.24+dfsg1/alpine/addrbook.c:7427:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(title, (as.config) data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:365:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncmp(line, AB_COMMENT_STR, strlen(AB_COMMENT_STR))) data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:584:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncmp(headents[j].name, "Address", 7) || !strncmp(headents[j].name, _("Address"), strlen(_("Address")))) data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:586:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(!strncmp(headents[j].name, "Fullname", 8) || !strncmp(headents[j].name, _("Fullname"), strlen(_("Fullname")))) data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1101:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += (strlen(*p) + 2); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1752:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(titlebar, _("CHANGE ADDRESS BOOK"), sizeof(titlebar)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1755:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(titlebar, _("ADD ADDRESS BOOK"), sizeof(titlebar)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1951:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(server[0] == '{' && server[strlen(server)-1] == '}'){ data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:1954:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). server[strlen(server)-1] = '\0'; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2131:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(local_file, pab->filename, sizeof(local_file)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2140:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rem_abook, rem_folder_prefix, sizeof(rem_abook)-3); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2163:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(rem_abook); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2178:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rem_abook, p+1, data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2179:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(rem_abook)-1-strlen(rem_abook)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2181:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(rem_abook, DEF_ABOOK_NAME, data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2182:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(rem_abook)-1-strlen(rem_abook)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2188:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nick = (char *)fs_get((MAX(strlen(pab->abnick),strlen("Address Book"))+8) * sizeof(char)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2188:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nick = (char *)fs_get((MAX(strlen(pab->abnick),strlen("Address Book"))+8) * sizeof(char)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2226:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rem_abook, file, sizeof(rem_abook)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2254:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rem_folder_prefix+1, beg+1, MIN(end-beg,len-2)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2310:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(sigfile && *sigfile && !litsig && sigfile[strlen(sigfile)-1] != '|' && data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2328:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sigfile[strlen(sigfile)-1] != '|' && data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2382:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(sigfile && *sigfile && !litsig && sigfile[strlen(sigfile)-1] != '|' && data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2471:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sigfile[strlen(sigfile)-1] != '|' && data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2700:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rem_pinerc_prefix+1, beg+1, data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2745:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rem_pinerc, rem_pinerc_prefix, sizeof(rem_pinerc)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2767:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(rem_pinerc); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2798:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = rem_pinerc + strlen(rem_pinerc) - 1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2805:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(rem_pinerc, DEF_FOLDER_NAME, data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:2806:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(rem_pinerc) - strlen(rem_pinerc) - 1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:3260:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(warning, _("Can't delete address book data"), 100); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4024:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(abe && avail < (size_t)strlen(a_string)+1){ data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4031:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(to, a_string, alloced); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4035:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(to, ",", alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4035:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, ",", alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4037:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(to, a_string, alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4037:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, a_string, alloced-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4041:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). avail -= (strlen(a_string) + 1); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4336:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 4*strlen(addr)+1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4418:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 4*strlen(addr)+1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4724:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((char *)so_text((STORE_S *)pb->contents.text.data)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4838:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += (strlen(*ll) + 2); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4970:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(eol, "\r\n", sizeof(eol)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:4972:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant character. strncpy(eol, "\n", sizeof(eol)); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5324:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(warn[how_many_dups], warning, MAX_NICKNAME); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5359:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(warn[how_many_dups], warning, MAX_NICKNAME); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5669:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(warn, abe1->nickname, MAX_NICKNAME); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5817:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += (strlen(*ll) + 2); data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:5885:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((n = 4*strlen(tmp)) > SIZEOF_20KBUF-1){ data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6751:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(((sq->cn ? strlen(sq->cn) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6752:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->sn ? strlen(sq->sn) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6753:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->gn ? 
strlen(sq->gn) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6754:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->mail ? strlen(sq->mail) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6755:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->org ? strlen(sq->org) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6756:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->unit ? strlen(sq->unit) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6757:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->country ? strlen(sq->country) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6758:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->state ? strlen(sq->state) : 0) + data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:6759:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (sq->locality ? strlen(sq->locality) : 0)) > FILTSIZE - 100){ data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7027:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(mail[num]->bv_val) + 1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7056:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(givenname[0]->bv_val) + strlen(sn[0]->bv_val) + 1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7056:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(givenname[0]->bv_val) + strlen(sn[0]->bv_val) + 1; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7268:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(enc_addr) + 7; data/alpine-2.24+dfsg1/alpine/adrbkcmd.c:7293:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(buf), buf, vals[i]->bv_val, data/alpine-2.24+dfsg1/alpine/alpine.c:239:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (strlen(argv[i] ? argv[i] : "")+3); data/alpine-2.24+dfsg1/alpine/alpine.c:242:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(no_args); data/alpine-2.24+dfsg1/alpine/alpine.c:251:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/alpine/alpine.c:255:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(args_for_debug, no_args, len+2-strlen(args_for_debug)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:255:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(args_for_debug, no_args, len+2-strlen(args_for_debug)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:320:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(s) >= 5 data/alpine-2.24+dfsg1/alpine/alpine.c:321:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strucmp(s+strlen(s)-5, "UTF-8")) data/alpine-2.24+dfsg1/alpine/alpine.c:712:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(tmp_20k_buf, _("Security alert: SSL maximum encryption version was set to SSLv3."), SIZEOF_20KBUF); data/alpine-2.24+dfsg1/alpine/alpine.c:806:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pine_state->inbox_name, INBOX_NAME, data/alpine-2.24+dfsg1/alpine/alpine.c:962:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps_global->cur_folder, args.data.file, data/alpine-2.24+dfsg1/alpine/alpine.c:1020:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(p->name) + 2; data/alpine-2.24+dfsg1/alpine/alpine.c:1025:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(to, ", ", len+5-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:1025:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, ", ", len+5-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:1029:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(to, p->name, len+5-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:1029:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(to, p->name, len+5-strlen(to)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:1130:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf1, _("Executing Initial Keystroke List......"), sizeof(buf1)); data/alpine-2.24+dfsg1/alpine/alpine.c:1178:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf1, _("Please wait, opening mail folder......"), sizeof(buf1)); data/alpine-2.24+dfsg1/alpine/alpine.c:1220:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(foldername, fldr, sizeof(foldername)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:1553:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = read(PIPED_FD, c, 1); data/alpine-2.24+dfsg1/alpine/alpine.c:2208:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(name, ">", sizeof(name)); data/alpine-2.24+dfsg1/alpine/alpine.c:2748:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input = (char *)fs_get((strlen(*apval ? *apval : "")+1) * data/alpine-2.24+dfsg1/alpine/alpine.c:3027:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(*p) == 1){ data/alpine-2.24+dfsg1/alpine/alpine.c:3049:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(*p) == 2 && **p == '^') data/alpine-2.24+dfsg1/alpine/alpine.c:3065:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(**p == '"' && (*p)[lpm1 = strlen(*p) - 1] == '"'){ data/alpine-2.24+dfsg1/alpine/alpine.c:3334:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(msg, pf, sizeof(msg)); data/alpine-2.24+dfsg1/alpine/alpine.c:3337:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
Risk is low because the source is a constant string. strncat(msg, " -- ", sizeof(msg)-strlen(msg)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:3337:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(msg, " -- ", sizeof(msg)-strlen(msg)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:3339:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg, final_msg, sizeof(msg)-strlen(msg)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:3339:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(msg, final_msg, sizeof(msg)-strlen(msg)-1); data/alpine-2.24+dfsg1/alpine/alpine.c:3701:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(title, _("PC-Alpine MAIN MENU Help"), 256); data/alpine-2.24+dfsg1/alpine/arg.c:229:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(len + strlen(prefix) + strlen(s+1) > 74 ){ data/alpine-2.24+dfsg1/alpine/arg.c:229:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(len + strlen(prefix) + strlen(s+1) > 74 ){ data/alpine-2.24+dfsg1/alpine/arg.c:231:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
options[nlines] = fs_get((strlen(prefix) + strlen(s+1) + 3)*sizeof(char)); data/alpine-2.24+dfsg1/alpine/arg.c:231:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). options[nlines] = fs_get((strlen(prefix) + strlen(s+1) + 3)*sizeof(char)); data/alpine-2.24+dfsg1/alpine/arg.c:247:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(options[nlines]); data/alpine-2.24+dfsg1/alpine/arg.c:833:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, str, sizeof(path)-1); data/alpine-2.24+dfsg1/alpine/arg.c:879:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, str, sizeof(path)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1000:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(list, ",", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1000:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(list, ",", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1004:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(list, "use-function-keys", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1004:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(list, "use-function-keys", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1010:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(list, ",", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1010:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(list, ",", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1014:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(list, "enable-suspend", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1014:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(list, "enable-suspend", sizeof(list)-strlen(list)-1); data/alpine-2.24+dfsg1/alpine/arg.c:1047:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  tmp1 = fs_get((strlen(ps_global->vars[V_XOAUTH2_INFO].name) + strlen(tmp2) + 2)*sizeof(char));
data/alpine-2.24+dfsg1/alpine/arg.c:1047:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp1 = fs_get((strlen(ps_global->vars[V_XOAUTH2_INFO].name) + strlen(tmp2) + 2)*sizeof(char));
data/alpine-2.24+dfsg1/alpine/arg.c:1403:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = arg + strlen(v->name);
data/alpine-2.24+dfsg1/alpine/busy.c:185:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(busy_message, msg, sizeof(busy_message));
data/alpine-2.24+dfsg1/alpine/busy.c:189:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(busy_message, "Busy", sizeof(busy_message));
data/alpine-2.24+dfsg1/alpine/busy.c:221:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, progress, sizeof(buf)-1);
data/alpine-2.24+dfsg1/alpine/busy.c:224:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, append, sizeof(buf) - strlen(buf) - 1);
data/alpine-2.24+dfsg1/alpine/busy.c:224:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, append, sizeof(buf) - strlen(buf) - 1);
data/alpine-2.24+dfsg1/alpine/busy.c:374:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = dbuf + strlen(dbuf) - 8;
data/alpine-2.24+dfsg1/alpine/busy.c:404:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(b+1,
data/alpine-2.24+dfsg1/alpine/colorconf.c:764:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(varnum == V_VIEW_HDR_COLORS ? HEADER_WORD : TOKEN_WORD);
data/alpine-2.24+dfsg1/alpine/colorconf.c:2038:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(sval[strlen(sval)-1] == ':') /* remove trailing colon */
data/alpine-2.24+dfsg1/alpine/colorconf.c:2039:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sval[strlen(sval)-1] = '\0';
data/alpine-2.24+dfsg1/alpine/colorconf.c:2830:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctmp->valoffset = indent-5 + strlen(ctmp->varname) + 1;
data/alpine-2.24+dfsg1/alpine/confscroll.c:1074:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last, p, sizeof(last));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1112:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, p, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1122:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, p, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1132:10: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, last, 64);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1265:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last, buf, 64);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1717:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpval, (*cl)->value, sizeof(tmpval));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1726:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmpval, "...", sizeof(tmpval)-strlen(tmpval)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1726:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmpval, "...", sizeof(tmpval)-strlen(tmpval)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1747:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _("Replace or Add To default value ? "), sizeof(prompt));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1777:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sval, olddefval, oebufsize);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1841:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || !struncmp(sval, _(empty_val), strlen(_(empty_val)))
data/alpine-2.24+dfsg1/alpine/confscroll.c:1843:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !struncmp(sval+1, _(empty_val), strlen(_(empty_val)))))
data/alpine-2.24+dfsg1/alpine/confscroll.c:1845:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(!struncmp(sval, _(no_val), strlen(_(no_val)))
data/alpine-2.24+dfsg1/alpine/confscroll.c:1847:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !struncmp(sval+1, _(no_val), strlen(_(no_val)))))
data/alpine-2.24+dfsg1/alpine/confscroll.c:1925:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpval, (*cl)->value, sizeof(tmpval));
data/alpine-2.24+dfsg1/alpine/confscroll.c:1933:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmpval, "...", sizeof(tmpval)-strlen(tmpval)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:1933:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmpval, "...", sizeof(tmpval)-strlen(tmpval)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2121:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olddefval = (char *) fs_get(strlen((*cl)->var->current_val.p)+3);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2125:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (len=strlen(DSTRING)))){
data/alpine-2.24+dfsg1/alpine/confscroll.c:2127:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(olddefval, (*cl)->var->current_val.p+len,
data/alpine-2.24+dfsg1/alpine/confscroll.c:2128:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((*cl)->var->current_val.p)-len-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2129:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olddefval[strlen((*cl)->var->current_val.p)-len-1] = '\0';
data/alpine-2.24+dfsg1/alpine/confscroll.c:2133:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  quote_it = ((*cl)->var->current_val.p[strlen((*cl)->var->current_val.p)-1] == SPACE);
data/alpine-2.24+dfsg1/alpine/confscroll.c:2134:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(olddefval, strlen((*cl)->var->current_val.p)+3, "%s%s%s", quote_it ? "\"" : "", (*cl)->var->current_val.p, quote_it ? "\"" : "");
data/alpine-2.24+dfsg1/alpine/confscroll.c:2137:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olddefval[strlen((*cl)->var->current_val.p)+3-1] = '\0';
data/alpine-2.24+dfsg1/alpine/confscroll.c:2172:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oebufsize = clptr ? (int) MAX(MAXPATH, 50+strlen(clptr)) : MAXPATH;
data/alpine-2.24+dfsg1/alpine/confscroll.c:2195:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || !struncmp(sval, _(empty_val), strlen(_(empty_val)))
data/alpine-2.24+dfsg1/alpine/confscroll.c:2197:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !struncmp(sval+1, _(empty_val), strlen(_(empty_val)))))
data/alpine-2.24+dfsg1/alpine/confscroll.c:2199:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(!struncmp(sval, _(no_val), strlen(_(no_val)))
data/alpine-2.24+dfsg1/alpine/confscroll.c:2201:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !struncmp(sval+1, _(no_val), strlen(_(no_val)))))
data/alpine-2.24+dfsg1/alpine/confscroll.c:4043:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp), "%*s", avail_width-utf8_width(tmp), "");
data/alpine-2.24+dfsg1/alpine/confscroll.c:4043:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp), "%*s", avail_width-utf8_width(tmp), "");
data/alpine-2.24+dfsg1/alpine/confscroll.c:4211:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp),
data/alpine-2.24+dfsg1/alpine/confscroll.c:4211:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp),
data/alpine-2.24+dfsg1/alpine/confscroll.c:4920:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = prompt + strlen(prompt);
data/alpine-2.24+dfsg1/alpine/confscroll.c:4963:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  (void) strncat(prompt, clear, sizeof(prompt)-strlen(prompt)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:4963:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) strncat(prompt, clear, sizeof(prompt)-strlen(prompt)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:5017:15: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  (void) strncat(prompt, clear, sizeof(prompt)-strlen(prompt)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:5017:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) strncat(prompt, clear, sizeof(prompt)-strlen(prompt)-1);
data/alpine-2.24+dfsg1/alpine/confscroll.c:5152:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps->cur_folder, ps->mail_stream->mailbox,
data/alpine-2.24+dfsg1/alpine/confscroll.c:5476:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(ps->VAR_OPER_DIR) + 100;
data/alpine-2.24+dfsg1/alpine/context.c:734:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tpath, ((*cl)->d.c.ct->context[0] == '{'
data/alpine-2.24+dfsg1/alpine/dispfilt.c:206:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bp, filter, strlen(filter)+1);
data/alpine-2.24+dfsg1/alpine/dispfilt.c:206:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(bp, filter, strlen(filter)+1);
data/alpine-2.24+dfsg1/alpine/dispfilt.c:232:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(to_l) + strlen(cc_l) + strlen(bcc_l) + 2;
data/alpine-2.24+dfsg1/alpine/dispfilt.c:232:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(to_l) + strlen(cc_l) + strlen(bcc_l) + 2;
data/alpine-2.24+dfsg1/alpine/dispfilt.c:232:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(to_l) + strlen(cc_l) + strlen(bcc_l) + 2;
data/alpine-2.24+dfsg1/alpine/dispfilt.c:329:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += (strlen(*q)+1);
data/alpine-2.24+dfsg1/alpine/dispfilt.c:421:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cmdbuf, cmd, cmdbuflen);
data/alpine-2.24+dfsg1/alpine/flagmaint.c:89:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((need = offset + 5 + lv + strlen(spacer) + lc) > maxwidth){
data/alpine-2.24+dfsg1/alpine/flagmaint.c:92:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((need = offset + 5 + lv + strlen(spacer) + lc) > maxwidth){
data/alpine-2.24+dfsg1/alpine/flagmaint.c:94:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((need = offset + 5 + lv + strlen(spacer) + lc) > maxwidth){
data/alpine-2.24+dfsg1/alpine/flagmaint.c:129:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(lv+lc+strlen(spacer)), repeat_char(lv+lc+strlen(spacer), '-'));
data/alpine-2.24+dfsg1/alpine/flagmaint.c:129:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(lv+lc+strlen(spacer)), repeat_char(lv+lc+strlen(spacer), '-'));
data/alpine-2.24+dfsg1/alpine/flagmaint.c:195:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _("Keyword to be added : "), sizeof(prompt)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:271:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps_global->cur_folder) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:272:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fs.first_folder, ps_global->cur_folder, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:295:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, q, MIN(p - q, sizeof(tmp)-1));
data/alpine-2.24+dfsg1/alpine/folder.c:597:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(folder, (char *) folders->name, MAILTMPLEN-1);
data/alpine-2.24+dfsg1/alpine/folder.c:814:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(path_in_context) < (MAILTMPLEN/2)){
data/alpine-2.24+dfsg1/alpine/folder.c:960:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbf.headents[AC_NICK].maxlen = strlen(nick);
data/alpine-2.24+dfsg1/alpine/folder.c:967:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbf.headents[AC_SERV].maxlen = strlen(serv);
data/alpine-2.24+dfsg1/alpine/folder.c:974:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbf.headents[AC_PATH].maxlen = strlen(path);
data/alpine-2.24+dfsg1/alpine/folder.c:982:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbf.headents[AC_VIEW].maxlen = strlen(view);
data/alpine-2.24+dfsg1/alpine/folder.c:1014:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(serv[0] == '{' && serv[strlen(serv)-1] == '}'){
data/alpine-2.24+dfsg1/alpine/folder.c:1015:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(servpart, serv, sizeof(servpart)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1024:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(servpart, "#news.", sizeof(servpart)-1-strlen(servpart));
data/alpine-2.24+dfsg1/alpine/folder.c:1024:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(servpart, "#news.", sizeof(servpart)-1-strlen(servpart));
data/alpine-2.24+dfsg1/alpine/folder.c:1038:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_cntxt, val, sizeof(new_cntxt)-2);
data/alpine-2.24+dfsg1/alpine/folder.c:1043:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(new_cntxt, " ", sizeof(new_cntxt)-strlen(new_cntxt)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1043:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(new_cntxt, " ", sizeof(new_cntxt)-strlen(new_cntxt)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1055:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pathpart, val, sizeof(pathpart)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1062:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(pathpart, (char *) pbf.headents[AC_PATH].bldr_private,
data/alpine-2.24+dfsg1/alpine/folder.c:1063:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(pathpart)-strlen(pathpart)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1078:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(view)) < 2 || (view[j-1] != ']' &&
data/alpine-2.24+dfsg1/alpine/folder.c:1086:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(new_cntxt, val, sizeof(new_cntxt)-1-strlen(new_cntxt));
data/alpine-2.24+dfsg1/alpine/folder.c:1086:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(new_cntxt, val, sizeof(new_cntxt)-1-strlen(new_cntxt));
data/alpine-2.24+dfsg1/alpine/folder.c:1164:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(server[0] == '{' && server[strlen(server)-1] == '}'){
data/alpine-2.24+dfsg1/alpine/folder.c:1165:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, server, sizeof(tmp)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1173:8: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is low because the source is a constant string.
  strncat(tmp, "#news.", sizeof(tmp)-1-strlen(tmp));
data/alpine-2.24+dfsg1/alpine/folder.c:1173:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, "#news.", sizeof(tmp)-1-strlen(tmp));
data/alpine-2.24+dfsg1/alpine/folder.c:1197:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, path, sizeof(tmp)-1-strlen(tmp));
data/alpine-2.24+dfsg1/alpine/folder.c:1197:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, path, sizeof(tmp)-1-strlen(tmp));
data/alpine-2.24+dfsg1/alpine/folder.c:1199:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpnodel, tmp, sizeof(tmpnodel)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:1208:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tmp[(i = strlen(tmp)) - 1] == delim)
data/alpine-2.24+dfsg1/alpine/folder.c:1341:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + 2;
data/alpine-2.24+dfsg1/alpine/folder.c:1516:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(fp && strlen(FLDR_NAME(fp)) < MAXFOLDER -1){
data/alpine-2.24+dfsg1/alpine/folder.c:1517:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fs->first_folder, FLDR_NAME(fp), MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:1657:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s>", wid,
data/alpine-2.24+dfsg1/alpine/folder.c:1657:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s>", wid,
data/alpine-2.24+dfsg1/alpine/folder.c:1673:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lbuf, c_list->label, sizeof(lbuf));
data/alpine-2.24+dfsg1/alpine/folder.c:1688:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lbuf, c_list->comment, sizeof(lbuf));
data/alpine-2.24+dfsg1/alpine/folder.c:1702:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, strsquish(tmp_20k_buf,SIZEOF_20KBUF,c_list->dir->desc,cols),
data/alpine-2.24+dfsg1/alpine/folder.c:1722:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lbuf, tmp_20k_buf, sizeof(lbuf));
data/alpine-2.24+dfsg1/alpine/folder.c:1793:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width += (strlen(tose(f->new)) + 3);
data/alpine-2.24+dfsg1/alpine/folder.c:1795:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width += (strlen(tose(f->total)) + 1);
data/alpine-2.24+dfsg1/alpine/folder.c:1801:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width += (strlen(tose(f->unseen)) + 3);
data/alpine-2.24+dfsg1/alpine/folder.c:1803:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width += (strlen(tose(f->total)) + 1);
data/alpine-2.24+dfsg1/alpine/folder.c:1898:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lbuf, _(emptiness), sizeof(lbuf));
data/alpine-2.24+dfsg1/alpine/folder.c:1917:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lbuf, _(unexpanded), sizeof(lbuf));
data/alpine-2.24+dfsg1/alpine/folder.c:1991:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (*pc)(strlen(buf)) && gf_puts(buf, pc)) : 1)
data/alpine-2.24+dfsg1/alpine/folder.c:2062:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (*pc)(strlen(buf)) && gf_puts(buf, pc)) : 1)
data/alpine-2.24+dfsg1/alpine/folder.c:2113:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = strlen(buf);
data/alpine-2.24+dfsg1/alpine/folder.c:2367:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(new_file) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2368:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, new_file, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2445:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(new_file) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2446:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, new_file, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2482:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(new_file) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2483:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, new_file, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2518:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(next_folder[0] && strlen(next_folder) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2519:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, next_folder, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2553:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder,
data/alpine-2.24+dfsg1/alpine/folder.c:2643:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(FLDR_NAME(fp)) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2644:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, FLDR_NAME(fp), MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2687:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(FLDR_NAME(fp)) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:2688:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FPROC(sparms)->fs->first_folder, FLDR_NAME(fp), MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:2740:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp_output, _("Invalid Folder Name"), sizeof(tmp_output)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:2770:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp_output, _("No folder to check! Can't get recent info"),
data/alpine-2.24+dfsg1/alpine/folder.c:3535:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(oldir, s+1, sizeof(oldir)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:3543:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(oldir) < MAXFOLDER - 1){
data/alpine-2.24+dfsg1/alpine/folder.c:3544:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fs->first_folder, oldir, MAXFOLDER);
data/alpine-2.24+dfsg1/alpine/folder.c:3653:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(deefault, FLDR_NAME(f), sizeof(deefault)-1);
data/alpine-2.24+dfsg1/alpine/folder.c:3663:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(expanded_file, fname, sizeof(expanded_file));
data/alpine-2.24+dfsg1/alpine/folder.c:3672:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(expanded_file, p, sizeof(expanded_file));
data/alpine-2.24+dfsg1/alpine/folder.c:3789:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ff = full_filename + strlen("#driver.unix/");
data/alpine-2.24+dfsg1/alpine/folder.c:3933:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, newfolder, len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:4188:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(inbox_host, beg+1, end - beg);
data/alpine-2.24+dfsg1/alpine/folder.c:4239:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, default_mail_drop_host, add_folderlen);
data/alpine-2.24+dfsg1/alpine/folder.c:4243:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, default_dstn_host, add_folderlen);
data/alpine-2.24+dfsg1/alpine/folder.c:4273:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, dstnmbox, add_folderlen);
data/alpine-2.24+dfsg1/alpine/folder.c:4303:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = add_folder + strlen(add_folder) - 1;
data/alpine-2.24+dfsg1/alpine/folder.c:4334:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, inbox_host, add_folderlen);
data/alpine-2.24+dfsg1/alpine/folder.c:4387:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(def_in_prompt, default_mail_drop_folder,
data/alpine-2.24+dfsg1/alpine/folder.c:4392:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(def_in_prompt, default_dstn_folder,
data/alpine-2.24+dfsg1/alpine/folder.c:4398:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((offset = strlen(add_folder)) != 0){ /* must be host for incoming */
data/alpine-2.24+dfsg1/alpine/folder.c:4490:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&add_folder[offset], def_in_prompt, add_folderlen-offset);
data/alpine-2.24+dfsg1/alpine/folder.c:4500:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig_folder, &add_folder[offset], 2*MAXFOLDER+10);
data/alpine-2.24+dfsg1/alpine/folder.c:4501:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&add_folder[offset], (char *) mutf7, add_folderlen-offset);
data/alpine-2.24+dfsg1/alpine/folder.c:4595:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset = strlen(add_folder);
data/alpine-2.24+dfsg1/alpine/folder.c:4624:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig_folder, &add_folder[offset], 2*MAXFOLDER+10);
data/alpine-2.24+dfsg1/alpine/folder.c:4625:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&add_folder[offset], (char *) mutf7, add_folderlen-offset);
data/alpine-2.24+dfsg1/alpine/folder.c:4842:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 5 + 2 + strlen(maildropfolder) + strlen(add_folder);
data/alpine-2.24+dfsg1/alpine/folder.c:4842:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 5 + 2 + strlen(maildropfolder) + strlen(add_folder);
data/alpine-2.24+dfsg1/alpine/folder.c:4854:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(maildroplongname) < add_folderlen){
data/alpine-2.24+dfsg1/alpine/folder.c:4855:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, maildroplongname, add_folderlen);
data/alpine-2.24+dfsg1/alpine/folder.c:4914:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f->name_len = strlen(f->nickname);
data/alpine-2.24+dfsg1/alpine/folder.c:4931:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(add_folder, nickname, add_folderlen-1); /* known by new name */
data/alpine-2.24+dfsg1/alpine/folder.c:5059:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(strlen(folder)){
data/alpine-2.24+dfsg1/alpine/folder.c:5094:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(folder, f, len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:5156:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(folder, (char *) folders->name, len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:5210:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(folder, (char *) flp->name, len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:5378:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_name, folder, len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:5849:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(FLDR_NAME(fp)) < len - 1)
data/alpine-2.24+dfsg1/alpine/folder.c:5850:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(next_folder, FLDR_NAME(fp), len-1);
data/alpine-2.24+dfsg1/alpine/folder.c:6575:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(next, FLDR_NAME(f), nextlen);
data/alpine-2.24+dfsg1/alpine/folder.c:6877:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(post_host[0]) + 20;
data/alpine-2.24+dfsg1/alpine/folder.c:6912:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, prefix, sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/help.c:251:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_20k_buf, &hscroll.help_source[i][7], SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/alpine/help.c:455:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(help_name, t->tag, sizeof(help_name)-1);
data/alpine-2.24+dfsg1/alpine/help.c:609:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(buf, "\015\012\015\012\015\012", sizeof(buf)-strlen(buf)-1);
data/alpine-2.24+dfsg1/alpine/help.c:609:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, "\015\012\015\012\015\012", sizeof(buf)-strlen(buf)-1);
data/alpine-2.24+dfsg1/alpine/help.c:611:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ins = gf_line_test_new_ins(ins, line, buf, strlen(buf));
data/alpine-2.24+dfsg1/alpine/help.c:651:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newhelp = help_name2section(url, strlen(url));
data/alpine-2.24+dfsg1/alpine/help.c:912:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(debugkeylabel, _("DebugView"), sizeof(debugkeylabel));
data/alpine-2.24+dfsg1/alpine/help.c:971:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url_copy = cpystr(url + strlen("x-alpine-gripe:"));
data/alpine-2.24+dfsg1/alpine/help.c:1103:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->size.bytes = strlen((char *) so_text(store));
data/alpine-2.24+dfsg1/alpine/help.c:1136:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->size.bytes = strlen((char *) so_text(store));
data/alpine-2.24+dfsg1/alpine/help.c:1187:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->size.bytes = strlen((char *) so_text(store));
data/alpine-2.24+dfsg1/alpine/help.c:1225:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->size.bytes = strlen(p);
data/alpine-2.24+dfsg1/alpine/help.c:1235:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->size.bytes += strlen(p);
data/alpine-2.24+dfsg1/alpine/imap.c:400:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(oa2list->name); + 5; /* number, parenthesis, space */
data/alpine-2.24+dfsg1/alpine/imap.c:404:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(s + strlen(s), _("Please select the client-id to use from the following list.\n\n"));
data/alpine-2.24+dfsg1/alpine/imap.c:408:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(s + strlen(s), " %d) %.70s\n", j++, oa2list->name);
data/alpine-2.24+dfsg1/alpine/imap.c:412:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _("Enter your selection number: "), sizeof(prompt));
data/alpine-2.24+dfsg1/alpine/imap.c:574:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:574:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:578:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:578:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:583:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:583:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:589:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:589:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:594:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:594:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:598:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:598:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:602:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:602:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:606:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:606:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:610:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:610:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:614:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:614:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:620:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Alpine would like to get authorization to access your email. Proceed "), sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:629:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:629:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:638:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Continue waiting"), sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:772:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:772:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:776:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:776:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:780:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:780:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:784:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:784:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:788:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:788:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:792:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:792:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:796:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:796:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:800:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:800:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:804:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:804:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:808:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:808:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf+strlen(tmp_20k_buf), SIZEOF_20KBUF-strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/alpine/imap.c:814:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Alpine would like to get authorization to access your email. Proceed "), sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:959:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, mb->user, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1200:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(SaveRefreshToken ? SaveRefreshToken : "")
data/alpine-2.24+dfsg1/alpine/imap.c:1201:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(SaveAccessToken ? SaveAccessToken : "")
data/alpine-2.24+dfsg1/alpine/imap.c:1202:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(tmp) + 2;
data/alpine-2.24+dfsg1/alpine/imap.c:1385:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(message, string, sizeof(message));
data/alpine-2.24+dfsg1/alpine/imap.c:1429:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->c_client_error, message,
data/alpine-2.24+dfsg1/alpine/imap.c:1440:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->last_error, message, sizeof(ps_global->last_error));
data/alpine-2.24+dfsg1/alpine/imap.c:1527:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hostlist0, mb->host, sizeof(hostlist0)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1529:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(hostlist0, non_def_port, sizeof(hostlist0)-strlen(hostlist0)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1529:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(hostlist0, non_def_port, sizeof(hostlist0)-strlen(hostlist0)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1533:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hostlist1, mb->orighost, sizeof(hostlist1)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1535:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(hostlist1, non_def_port, sizeof(hostlist1)-strlen(hostlist1)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1535:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(hostlist1, non_def_port, sizeof(hostlist1)-strlen(hostlist1)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1573:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, (*mb->user) ? mb->user :
data/alpine-2.24+dfsg1/alpine/imap.c:1614:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, last, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1653:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, last, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1703:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(defuser, user, sizeof(defuser)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1721:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hostname, mb->host, sizeof(hostname)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1728:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port, non_def_port, sizeof(port));
data/alpine-2.24+dfsg1/alpine/imap.c:1736:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(insecure, insec, sizeof(insecure));
data/alpine-2.24+dfsg1/alpine/imap.c:1749:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = utf8_width(retry) + utf8_width(hostleadin) + strlen(hostname) + strlen(port) +
data/alpine-2.24+dfsg1/alpine/imap.c:1749:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = utf8_width(retry) + utf8_width(hostleadin) + strlen(hostname) + strlen(port) +
data/alpine-2.24+dfsg1/alpine/imap.c:1750:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_width(insecure) + utf8_width(logleadin) + strlen(defubuf) + oespace;
data/alpine-2.24+dfsg1/alpine/imap.c:1756:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname);
data/alpine-2.24+dfsg1/alpine/imap.c:1759:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= (len - strlen(hostname));
data/alpine-2.24+dfsg1/alpine/imap.c:1785:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(avail < need && strlen(port) > 0){
data/alpine-2.24+dfsg1/alpine/imap.c:1786:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= strlen(port);
data/alpine-2.24+dfsg1/alpine/imap.c:1797:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(hostname) - 6) ? (strlen(hostname)-(need-avail)) : 6;
data/alpine-2.24+dfsg1/alpine/imap.c:1797:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(hostname) - 6) ? (strlen(hostname)-(need-avail)) : 6;
data/alpine-2.24+dfsg1/alpine/imap.c:1798:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname);
data/alpine-2.24+dfsg1/alpine/imap.c:1799:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hostname+reduce_to-3, "...", 4);
data/alpine-2.24+dfsg1/alpine/imap.c:1800:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= (len - strlen(hostname));
data/alpine-2.24+dfsg1/alpine/imap.c:1802:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(avail < need && strlen(insecure) > 0){
data/alpine-2.24+dfsg1/alpine/imap.c:1805:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  insecure[strlen(insecure)-4] = ')';
data/alpine-2.24+dfsg1/alpine/imap.c:1806:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  insecure[strlen(insecure)-3] = '\0';
data/alpine-2.24+dfsg1/alpine/imap.c:1815:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(defubuf) > 3){
data/alpine-2.24+dfsg1/alpine/imap.c:1816:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(defubuf);
data/alpine-2.24+dfsg1/alpine/imap.c:1817:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(defubuf, " [..] :", 9);
data/alpine-2.24+dfsg1/alpine/imap.c:1818:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= (len - strlen(defubuf));
data/alpine-2.24+dfsg1/alpine/imap.c:1822:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(defubuf, ":", 2);
data/alpine-2.24+dfsg1/alpine/imap.c:1847:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, defuser, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1872:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, defuser, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1886:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, mb->user, NETMAXUSER);
data/alpine-2.24+dfsg1/alpine/imap.c:1961:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hostname, mb->host, sizeof(hostname)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1968:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port, non_def_port, sizeof(port));
data/alpine-2.24+dfsg1/alpine/imap.c:1977:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(insecure, insec, sizeof(insecure));
data/alpine-2.24+dfsg1/alpine/imap.c:1980:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logleadin, usethisprompt, sizeof(logleadin));
data/alpine-2.24+dfsg1/alpine/imap.c:1988:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(defubuf, user, sizeof(defubuf)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:1999:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = utf8_width(retry) + utf8_width(hostleadin) + strlen(hostname) + strlen(port) +
data/alpine-2.24+dfsg1/alpine/imap.c:1999:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = utf8_width(retry) + utf8_width(hostleadin) + strlen(hostname) + strlen(port) +
data/alpine-2.24+dfsg1/alpine/imap.c:2000:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_width(insecure) + utf8_width(logleadin) + strlen(defubuf) +
data/alpine-2.24+dfsg1/alpine/imap.c:2006:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname);
data/alpine-2.24+dfsg1/alpine/imap.c:2009:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= (len - strlen(hostname));
data/alpine-2.24+dfsg1/alpine/imap.c:2036:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(avail < need && strlen(port) > 0){
data/alpine-2.24+dfsg1/alpine/imap.c:2037:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= strlen(port);
data/alpine-2.24+dfsg1/alpine/imap.c:2056:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(hostname) - 6) ? (strlen(hostname)-(need-avail)) : 6;
data/alpine-2.24+dfsg1/alpine/imap.c:2056:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(hostname) - 6) ? (strlen(hostname)-(need-avail)) : 6;
data/alpine-2.24+dfsg1/alpine/imap.c:2057:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname);
data/alpine-2.24+dfsg1/alpine/imap.c:2058:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hostname+reduce_to-3, "...", 4);
data/alpine-2.24+dfsg1/alpine/imap.c:2059:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= (len - strlen(hostname));
data/alpine-2.24+dfsg1/alpine/imap.c:2061:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(avail < need && strlen(insecure) > 0){
data/alpine-2.24+dfsg1/alpine/imap.c:2064:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  insecure[strlen(insecure)-4] = ')';
data/alpine-2.24+dfsg1/alpine/imap.c:2065:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  insecure[strlen(insecure)-3] = '\0';
data/alpine-2.24+dfsg1/alpine/imap.c:2075:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(logleadin, " ", sizeof(logleadin));
data/alpine-2.24+dfsg1/alpine/imap.c:2080:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(defubuf) - 6) ? (strlen(defubuf)-(need-avail)) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:2080:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reduce_to = (need - avail < strlen(defubuf) - 6) ? (strlen(defubuf)-(need-avail)) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:2082:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(defubuf+reduce_to-3, "...", 4);
data/alpine-2.24+dfsg1/alpine/imap.c:2110:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, tmpp, sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:2253:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  - strlen(DE_FOLDER(stream)))/2, 0),
data/alpine-2.24+dfsg1/alpine/imap.c:2650:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp,
data/alpine-2.24+dfsg1/alpine/imap.c:2654:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, _(": Continue anyway "), sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:2654:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, _(": Continue anyway "), sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/alpine/imap.c:2685:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(last_cmpnt(name)) > 15 ? "..." : "");
data/alpine-2.24+dfsg1/alpine/imap.c:2786:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("There was an SSL/TLS failure for the server"), sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2792:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(hst)) <= cols){
data/alpine-2.24+dfsg1/alpine/imap.c:2800:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, hst, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2809:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("The reason for the failure was"), sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2815:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(rsn)) <= cols){
data/alpine-2.24+dfsg1/alpine/imap.c:2823:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rsn, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2832:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("This is just an informational message. With the current setup, SSL/TLS will not work. If this error re-occurs every time you run Alpine, your current setup is not compatible with the configuration of your mail server. You may want to add the option"), sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2838:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(notls)) <= cols){
data/alpine-2.24+dfsg1/alpine/imap.c:2846:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, notls, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2855:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("to the name of the mail server you are attempting to access. In other words, wherever you see the characters"),
data/alpine-2.24+dfsg1/alpine/imap.c:2862:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(hst)) <= cols){
data/alpine-2.24+dfsg1/alpine/imap.c:2870:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, hst, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2879:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("in your configuration, replace those characters with"),
data/alpine-2.24+dfsg1/alpine/imap.c:2888:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(buf2)) <= cols){
data/alpine-2.24+dfsg1/alpine/imap.c:2896:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, buf2, sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:2906:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, _("Type RETURN to continue."), sizeof(buf));
data/alpine-2.24+dfsg1/alpine/imap.c:3268:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp += strlen(TNAME);
data/alpine-2.24+dfsg1/alpine/imap.c:3339:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { kSecAccountItemAttr, strlen(TNAME), TNAME }
data/alpine-2.24+dfsg1/alpine/imap.c:3390:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(blobcopy, (char *) blob, blength);
data/alpine-2.24+dfsg1/alpine/imap.c:3407:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(target,
data/alpine-2.24+dfsg1/alpine/imap.c:3593:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = text2 ? strlen(text2) : 0;
data/alpine-2.24+dfsg1/alpine/imap.c:3724:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cred.CredentialBlobSize = strlen(blob)+1;
data/alpine-2.24+dfsg1/alpine/imap.c:3768:101: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dprint((10, "write_passfile: SecKeychainAddGenericPassword(NULL, %d, %s, %d, %s, %d, %s, NULL)\n", strlen(target), target, strlen(TNAME), TNAME, strlen(blob), blob));
data/alpine-2.24+dfsg1/alpine/imap.c:3768:125: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dprint((10, "write_passfile: SecKeychainAddGenericPassword(NULL, %d, %s, %d, %s, %d, %s, NULL)\n", strlen(target), target, strlen(TNAME), TNAME, strlen(blob), blob));
data/alpine-2.24+dfsg1/alpine/imap.c:3768:147: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dprint((10, "write_passfile: SecKeychainAddGenericPassword(NULL, %d, %s, %d, %s, %d, %s, NULL)\n", strlen(target), target, strlen(TNAME), TNAME, strlen(blob), blob));
data/alpine-2.24+dfsg1/alpine/imap.c:3771:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(target), target,
data/alpine-2.24+dfsg1/alpine/imap.c:3772:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(TNAME), TNAME,
data/alpine-2.24+dfsg1/alpine/imap.c:3773:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(blob), blob,
data/alpine-2.24+dfsg1/alpine/imap.c:3787:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(target), target,
data/alpine-2.24+dfsg1/alpine/imap.c:3788:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(TNAME), TNAME,
data/alpine-2.24+dfsg1/alpine/imap.c:3792:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = SecKeychainItemModifyAttributesAndData(itemRef, NULL, strlen(blob), blob);
data/alpine-2.24+dfsg1/alpine/imap.c:3824:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp2, tmp, sizeof(tmp2));
data/alpine-2.24+dfsg1/alpine/imap.c:3851:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fs_resize((void **)&text, (len + strlen(tmp) + 1)*sizeof(char));
data/alpine-2.24+dfsg1/alpine/imap.c:3853:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tmp) + 1;
data/alpine-2.24+dfsg1/alpine/imap.c:3854:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(text, tmp, strlen(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:3854:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(text, tmp, strlen(tmp));
data/alpine-2.24+dfsg1/alpine/imap.c:4092:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(TNAMEPROMPT),
data/alpine-2.24+dfsg1/alpine/imap.c:4115:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SecKeychainAddGenericPassword(NULL, 0, NULL, strlen(TNAMEPROMPT),
data/alpine-2.24+dfsg1/alpine/imap.c:4126:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { kSecAccountItemAttr, strlen(TNAME), TNAME }
data/alpine-2.24+dfsg1/alpine/imap.c:4129:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { kSecAccountItemAttr, strlen(TNAMEPROMPT), TNAMEPROMPT }
data/alpine-2.24+dfsg1/alpine/imap.c:4255:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = authtype ? strlen(authtype) : 0;
data/alpine-2.24+dfsg1/alpine/init.c:78:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ps->VAR_MAIL_DIRECTORY));
data/alpine-2.24+dfsg1/alpine/init.c:284:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path2, folder_base, sizeof(path2)-1);
data/alpine-2.24+dfsg1/alpine/init.c:288:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%4.4d-%2.2d", month_to_use/12,
data/alpine-2.24+dfsg1/alpine/init.c:288:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%4.4d-%2.2d", month_to_use/12,
data/alpine-2.24+dfsg1/alpine/init.c:292:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, month_abbrev((month_to_use % 12)+1), 20);
data/alpine-2.24+dfsg1/alpine/init.c:299:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(path2);
data/alpine-2.24+dfsg1/alpine/init.c:307:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%.20s-%d", tmp, month_to_use/12);
data/alpine-2.24+dfsg1/alpine/init.c:307:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%.20s-%d", tmp, month_to_use/12);
data/alpine-2.24+dfsg1/alpine/kblock.c:141:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(inpasswd, pw, sizeof(inpasswd));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3105:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(k->label[0] == '[' && k->label[(l=strlen(k->label))-1] == ']' && l > 2){
data/alpine-2.24+dfsg1/alpine/keymenu.c:3109:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_label, &k->label[1], MIN(sizeof(tmp_label),l-2));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3115:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(this_label, _(k->label), sizeof(this_label));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3129:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_label, this_label, sizeof(tmp_label));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3156:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, repeat_char(
data/alpine-2.24+dfsg1/alpine/keymenu.c:3170:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = (fix_start ? 0 : k->column) + strlen(temp);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3175:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, repeat_char(k->column, SPACE), sizeof(temp));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3185:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, k->name, sizeof(temp));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3189:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last_time->name, temp, 6*MAX_KEYNAME);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3193:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(keystr, temp, sizeof(keystr));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3216:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(temp, this_label, sizeof(temp)-strlen(temp)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3216:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(temp, this_label, sizeof(temp)-strlen(temp)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3224:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, temp2, sizeof(temp));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3232:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(keystr, temp, sizeof(keystr)-strlen(keystr)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3232:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(keystr, temp, sizeof(keystr)-strlen(keystr)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3238:8: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(temp, repeat_char(max_column - c, SPACE), sizeof(temp)-strlen(temp)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3238:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(temp, repeat_char(max_column - c, SPACE), sizeof(temp)-strlen(temp)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3243:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(temp,
data/alpine-2.24+dfsg1/alpine/keymenu.c:3244:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  repeat_char((k+2)->column - c, SPACE), sizeof(temp)-strlen(temp)-1);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3252:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last_time->label, this_label, 6*MAX_LABEL);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3272:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(keystr);
data/alpine-2.24+dfsg1/alpine/keymenu.c:3471:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(keytop->label[0] == '[' && keytop->label[(l=strlen(keytop->label))-1] == ']' && l > 2){
data/alpine-2.24+dfsg1/alpine/keymenu.c:3475:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_label, &keytop->label[1], MIN(sizeof(tmp_label),l-2));
data/alpine-2.24+dfsg1/alpine/keymenu.c:3490:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(keybot->label[0] == '[' && keybot->label[(l=strlen(keybot->label))-1] == ']' && l > 2){
data/alpine-2.24+dfsg1/alpine/keymenu.c:3491:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_label, &keybot->label[1], MIN(sizeof(tmp_label),l-2));
data/alpine-2.24+dfsg1/alpine/keymenu.c:4101:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(label);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:438:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ee, "[ ", sizeof(ee));
data/alpine-2.24+dfsg1/alpine/ldapconf.c:445:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ee+2, _("No Matches"), sizeof(ee)-2);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:450:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(ee, _(" -- Choose Exit ]"), sizeof(ee)-strlen(ee)-1);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:450:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(ee, _(" -- Choose Exit ]"), sizeof(ee)-strlen(ee)-1);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:638:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen(info->serv)
data/alpine-2.24+dfsg1/alpine/ldapconf.c:639:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : 3) + strlen(_(dserv)) + 15) * sizeof(char);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:842:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen(info->serv)
data/alpine-2.24+dfsg1/alpine/ldapconf.c:843:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : 3) + strlen(_(dserv)) + 15) * sizeof(char);
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1114:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen(info->serv)
data/alpine-2.24+dfsg1/alpine/ldapconf.c:1115:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : 3) + strlen(_(dserv)) + 15) * sizeof(char);
data/alpine-2.24+dfsg1/alpine/listsel.c:107:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = lv + 4 + strlen(display);
data/alpine-2.24+dfsg1/alpine/listsel.c:148:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = lv + strlen(display);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:701:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nextfolder, state->cur_folder, sizeof(nextfolder));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:705:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _(". Press TAB for next folder."),
data/alpine-2.24+dfsg1/alpine/mailcmd.c:708:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _(". No more folders to TAB to."),
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1068:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nextfolder, state->cur_folder, sizeof(nextfolder));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1136:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(type,
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = strlen(front)+1 + strlen(type)+1 +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1158:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = strlen(front)+1 + strlen(type)+1 +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1159:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(nextfolder)+2 + strlen(cnt) +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1159:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(nextfolder)+2 + strlen(cnt) +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1162:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  take_back = strlen(type);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1163:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(type,
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1166:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  take_back -= strlen(type);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1169:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= strlen(cnt);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1179:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(nextfolder) -
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1822:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_("User-defined Keywords from Setup/Config"));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1838:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(kw->kw)+2;
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1840:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(fp->comment, l+1, "(%.*s)", (int) strlen(kw->kw), kw->kw);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:1857:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_("Other keywords in the mailbox that are not user-defined"));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2560:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lennick = MIN(strlen(cntxt->nickname), 500);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2561:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenfldr = MIN(strlen(newfolder), 500);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2562:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = 27 + strlen(long2string(mn_get_cur(msgmap))) +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2594:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenfldr = MIN(strlen(newfolder), 500);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2595:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = 28 + strlen(long2string(mn_get_cur(msgmap))) +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2598:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need -= strlen(f);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2619:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp_20k_buf, " and deleted", SIZEOF_20KBUF-strlen(tmp_20k_buf)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2619:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp_20k_buf, " and deleted", SIZEOF_20KBUF-strlen(tmp_20k_buf)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2887:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(state->ttyo->screen_cols < strlen(prompt) + MIN_OPT_ENT_WIDTH && deltext){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2904:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(state->ttyo->screen_cols < strlen(prompt) + MIN_OPT_ENT_WIDTH && *nmsgs){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2957:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nfldr, folder, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2967:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name = nfldr, expanded, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2981:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name = nfldr, fullname, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:2998:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, name, sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3000:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tmp[(l = strlen(tmp)) - 1] != tc->dir->delim){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3003:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(&tmp[l+1], "[]", sizeof(tmp)-(l+1));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3007:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, "[]", sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3007:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, "[]", sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3027:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, name, sizeof(tmp));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3035:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name = nfldr, fullname, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3137:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nfldr, p, len_nfldr);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3149:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nfldr, p, len_nfldr);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3173:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->last_save_folder, nfldr, sizeof(ps_global->last_save_folder)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3179:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nfldr, folder, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3187:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nfldr, p, len_nfldr-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3217:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  folder, (strlen(folder) > 15) ? "..." : "");
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3224:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  folder, (strlen(folder) > 15) ? "..." : "",
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3226:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(context->nickname) > 15) ? "..." : "");
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3231:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  folder, strlen(folder) > 40 ? "..." : "");
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3456:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  charcnt = strlen(temp)+1;
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3460:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, folder, sizeof(temp));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3860:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(full_filename) + strlen(".d") + 1 > sizeof(dir)){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3860:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(full_filename) + strlen(".d") + 1 > sizeof(dir)){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3882:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(full_filename) + strlen(".d") + 1 +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3882:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(full_filename) + strlen(".d") + 1 +
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3883:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  1 + strlen(long2string((long) tries)) > sizeof(dir)){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3946:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + 1
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3946:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + 1
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3946:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + 1
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3967:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3967:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3967:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2
data/alpine-2.24+dfsg1/alpine/mailcmd.c:3967:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4098:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen((char *)srctext)
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4299:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, tmp_20k_buf, len);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4344:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, VAR_OPER_DIR, sizeof(dir));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4349:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, VAR_FILE_DIR, sizeof(dir));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4358:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig_dir, dir, sizeof(orig_dir));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4362:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(precolon, dir, sizeof(precolon));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4365:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(def, deefault, sizeof(def)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4385:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(p1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4387:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(p2, prompt_msg ? prompt_msg : "", sizeof(p2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4389:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(p2);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4396:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l3 = strlen(p3);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4406:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l4 = strlen(p4);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4413:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l5 = strlen(p5);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4424:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l4 = strlen(p4);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4434:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l5 = strlen(p5);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4445:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(p2, p, sizeof(p2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4449:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(p2);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4453:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p1, "Copy ", sizeof(p1)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4455:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(p1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4465:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l5 = strlen(p5);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4469:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(needed <= l3 - strlen(" (+ atts)"))
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4471:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(needed <= l3 - strlen(" (atts)"))
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4473:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(needed <= l3 - strlen(" (+)"))
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4475:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(needed <= l3 - strlen("+"))
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4480:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l3 = strlen(p3);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4547:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, precolon, sizeof(dir)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4555:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, precolon, sizeof(dir)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4563:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, precolon, sizeof(dir)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4573:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, filename, sizeof(tmp)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4577:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(tmp,postcolon, strlen(postcolon)))
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4582:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename2, fn, sizeof(filename2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4585:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, tmp, MIN(fn - tmp, sizeof(dir2)-1));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4593:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, dir2, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4605:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, full_filename, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4618:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, tmp, sizeof(dir2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4624:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon,dir2,sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4632:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename2, tmp, sizeof(filename2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4639:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, ps->home_dir, sizeof(dir2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4643:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, dir, sizeof(dir2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4654:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(full_filename[strlen(full_filename)-1] == C_FILESEP
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4656:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(full_filename) == 1)
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4657:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, full_filename, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4659:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, filename2, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4661:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, full_filename, sizeof(dir2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4666:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(full_filename[strlen(full_filename)-1] == C_FILESEP){
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4667:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, filename2, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4669:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir2, full_filename, sizeof(dir2)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4674:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(dir2[strlen(dir2)-1] == C_FILESEP && strlen(dir2)!=1
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4674:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(dir2[strlen(dir2)-1] == C_FILESEP && strlen(dir2)!=1
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4678:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dir2[strlen(dir2)-1] = '\0';
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4694:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(precolon, dir2, sizeof(precolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4697:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(postcolon, filename2, sizeof(postcolon)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4702:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, full_filename, sizeof(dir)-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4708:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, full_filename,
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4720:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, fn, len-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4727:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(postcolon, filename2,
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4728:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(postcolon)-1-strlen(postcolon));
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4738:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, postcolon, len-1);
data/alpine-2.24+dfsg1/alpine/mailcmd.c:4740:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(dir, precolon, sizeof(dir)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4829:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, p, MIN(fn - p, sizeof(dir)-1)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4833:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, fn, len-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4837:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, p, sizeof(dir)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4854:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, tmp_20k_buf, len); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4872:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, def, len-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4895:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(full_filename, filename, len-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4946:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = strlen(filename); data/alpine-2.24+dfsg1/alpine/mailcmd.c:4971:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = strlen(filename); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5009:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tmp, full_filename, MAXPATH); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5049:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). p = strncpy(cmd, prefix, cmdlen); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5058:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). p = strncpy(cmd, cfg_str, cmdlen); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5066:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(cmd+strlen(cmd), cmdlen-strlen(cmd), " %s", fname); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5066:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(cmd+strlen(cmd), cmdlen-strlen(cmd), " %s", fname); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5251:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(jump_num_string, long2string(closest), data/alpine-2.24+dfsg1/alpine/mailcmd.c:5291:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nextfolder, state->cur_folder, sizeof(nextfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5566:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, long2string(closest), sizeof(buf)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5570:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(warning, "Nothing to jump to", warninglen); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5786:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)f1, (char *)f2, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5795:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfolder, (char *)f2, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5822:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name = newfolder, expanded, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5829:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name = newfolder, fullname, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5851:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, name, sizeof(tmp)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5853:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(tmp[(l = strlen(tmp)) - 1] != tc->dir->delim){ data/alpine-2.24+dfsg1/alpine/mailcmd.c:5856:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&tmp[l+1], "[]", sizeof(tmp)-(l+1)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5860:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
Risk is low because the source is a constant string. strncat(tmp, "[]", sizeof(tmp)-strlen(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5860:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tmp, "[]", sizeof(tmp)-strlen(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5918:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfolder, last_folder, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5982:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfolder, ps_global->inbox_name, sizeof(newfolder)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:5994:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfolder, p, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6006:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfolder, p, sizeof(newfolder)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6028:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(expanded, newfolder, sizeof(expanded)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6149:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new, old, newlen-(new-orignew)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6396:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6523:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:6544:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7718:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("end"); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7757:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("end"); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7789:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t, long2string(n1), sizeof(t)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7890:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("end"); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7932:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("end"); data/alpine-2.24+dfsg1/alpine/mailcmd.c:7966:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(t, long2string(n1), sizeof(t)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8077:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(seq, data/alpine-2.24+dfsg1/alpine/mailcmd.c:8084:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(seq, long2string(rawno), data/alpine-2.24+dfsg1/alpine/mailcmd.c:8118:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(date, defdate, sizeof(date)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8208:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, sel_x_gm_ext, sizeof(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8236:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && isspace((unsigned char) namehdr[strlen(namehdr) - 1])) data/alpine-2.24+dfsg1/alpine/mailcmd.c:8359:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(tmp, "Name of HEADER to match : ", sizeof(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8376:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (namehdr[strlen(namehdr) - 1] == ':')) data/alpine-2.24+dfsg1/alpine/mailcmd.c:8377:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namehdr[strlen(namehdr) - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/mailcmd.c:8379:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && isspace((unsigned char) namehdr[strlen(namehdr) - 1])) data/alpine-2.24+dfsg1/alpine/mailcmd.c:8527:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sstring, p, sizeof(sstring)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8543:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sstring, p, sizeof(sstring)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:8873:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rulenick, nick, sizeof(rulenick)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9079:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(keyword, kword, sizeof(keyword)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9104:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(keyword, p, sizeof(keyword)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9115:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(keyword, p, sizeof(keyword)-1); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9123:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pgm->unkeyword->text.size = strlen(keyword); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9128:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pgm->keyword->text.size = strlen(keyword); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9629:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Choose type of sort : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/mailcmd.c:9631:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Choose type of sort, or 'R' to reverse current sort : "), data/alpine-2.24+dfsg1/alpine/mailindx.c:2981:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(search_string, p, sizeof(search_string)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3084:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_string, p, sizeof(new_string)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3094:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_string, p, sizeof(new_string)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3119:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_string, search_string, sizeof(new_string)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3123:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(search_string, new_string, sizeof(search_string)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3412:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *l = strlen((char *)so_text(so)); data/alpine-2.24+dfsg1/alpine/mailindx.c:3639:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(title, "Alpine MESSAGE INDEX Help", 256); data/alpine-2.24+dfsg1/alpine/mailindx.c:3652:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(title, "Alpine SELECT MESSAGE Help", 256); data/alpine-2.24+dfsg1/alpine/mailpart.c:319:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buftmp, q, sizeof(buftmp)); data/alpine-2.24+dfsg1/alpine/mailpart.c:754:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, last, sizeof(buf)); data/alpine-2.24+dfsg1/alpine/mailpart.c:786:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last, buf, sizeof(last)); data/alpine-2.24+dfsg1/alpine/mailpart.c:800:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = current ? strlen(current->attp->number) : 0; data/alpine-2.24+dfsg1/alpine/mailpart.c:818:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = current ? strlen(current->attp->number) : 0;
data/alpine-2.24+dfsg1/alpine/mailpart.c:1033:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). totlen = strlen(ctmp->dstring); data/alpine-2.24+dfsg1/alpine/mailpart.c:1140:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cbuf, titlecolor->fg, sizeof(cbuf)); data/alpine-2.24+dfsg1/alpine/mailpart.c:1142:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(titlecolor->fg, titlecolor->bg, MAXCOLORLEN); data/alpine-2.24+dfsg1/alpine/mailpart.c:1144:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(titlecolor->bg, cbuf, MAXCOLORLEN); data/alpine-2.24+dfsg1/alpine/mailpart.c:1652:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncmp(a->number, ap->number, strlen(a->number)); data/alpine-2.24+dfsg1/alpine/mailpart.c:1672:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncmp(a->number, ap->number, strlen(a->number)); data/alpine-2.24+dfsg1/alpine/mailpart.c:1863:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncmp(a->number, ap->number, strlen(a->number)) data/alpine-2.24+dfsg1/alpine/mailpart.c:1981:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& !strncmp(a->number, ap->number, strlen(a->number)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2042:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir_path, ps_global->html_dir, sizeof(dir_path)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2131:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_path = fs_get((strlen(filename) + strlen("file://") + 1)*sizeof(char)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2131:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_path = fs_get((strlen(filename) + strlen("file://") + 1)*sizeof(char)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2252:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(a->body->subtype) > 12 ? "..." : "", data/alpine-2.24+dfsg1/alpine/mailpart.c:2266:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mtype, body_type_names(a->body->type), sizeof(mtype)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2269:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(mtype, "/", sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/mailpart.c:2269:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(mtype, "/", sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/mailpart.c:2271:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(mtype, a->body->subtype, sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/mailpart.c:2271:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(mtype, a->body->subtype, sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/mailpart.c:2287:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ext, extp, sizeof(ext)); data/alpine-2.24+dfsg1/alpine/mailpart.c:2320:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(prefix) > 9){ data/alpine-2.24+dfsg1/alpine/mailpart.c:2591:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncmp(a->number, ap->number, strlen(a->number)) data/alpine-2.24+dfsg1/alpine/mailpart.c:3090:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). caltext = rfc822_base64(b64text, strlen(b64text), &callen); data/alpine-2.24+dfsg1/alpine/mailpart.c:3533:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/mailpart.c:3653:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/mailpart.c:4040:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailpart.c:4121:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailpart.c:4135:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pipe_command, p, sizeof(pipe_command)); data/alpine-2.24+dfsg1/alpine/mailpart.c:4412:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((char *) so_text(store)), data/alpine-2.24+dfsg1/alpine/mailpart.c:4445:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((char *) so_text(store)), data/alpine-2.24+dfsg1/alpine/mailview.c:877:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(handle->h.url.path+7) > MAX(0,sc-(role ? 44 :25))) ? "..." : ""); data/alpine-2.24+dfsg1/alpine/mailview.c:881:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(int) MIN(MAX(0,sc - strlen(prompt) - 19), sizeof(prompt)-strlen(tmp)-50), role->nick, data/alpine-2.24+dfsg1/alpine/mailview.c:881:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) MIN(MAX(0,sc - strlen(prompt) - 19), sizeof(prompt)-strlen(tmp)-50), role->nick, data/alpine-2.24+dfsg1/alpine/mailview.c:882:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(role->nick) > MAX(0,sc-strlen(prompt) - 19)) ? "..." : ""); data/alpine-2.24+dfsg1/alpine/mailview.c:882:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(role->nick) > MAX(0,sc-strlen(prompt) - 19)) ? "..." : ""); data/alpine-2.24+dfsg1/alpine/mailview.c:884:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(prompt, tmp, sizeof(prompt) - strlen(prompt) - 1); data/alpine-2.24+dfsg1/alpine/mailview.c:884:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(prompt, tmp, sizeof(prompt) - strlen(prompt) - 1); data/alpine-2.24+dfsg1/alpine/mailview.c:888:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(prompt, " ? ", sizeof(prompt) - strlen(prompt) - 1);
data/alpine-2.24+dfsg1/alpine/mailview.c:888:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(prompt, " ? ", sizeof(prompt) - strlen(prompt) - 1); data/alpine-2.24+dfsg1/alpine/mailview.c:903:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? ((strlen(handle->h.url.path) > MAX(0,sc-27 - (external ? (images > 0 ? 41 : 50) : 0))) data/alpine-2.24+dfsg1/alpine/mailview.c:951:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, handle->h.url.path, sizeof(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:984:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, handle->h.url.tool, sizeof(tmp)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:1614:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(!((i = strlen(p)) data/alpine-2.24+dfsg1/alpine/mailview.c:1782:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(outgoing->subject); data/alpine-2.24+dfsg1/alpine/mailview.c:1785:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(len + strlen(sub) + 2) * sizeof(char)); data/alpine-2.24+dfsg1/alpine/mailview.c:1786:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(outgoing->subject + len, strlen(sub)+2, " %s", sub); data/alpine-2.24+dfsg1/alpine/mailview.c:1787:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outgoing->subject[len + strlen(sub) + 2 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/mailview.c:1847:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/mailview.c:1940:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(newfolder) + 1 < MAILTMPLEN) data/alpine-2.24+dfsg1/alpine/mailview.c:2138:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(folder, "#news.", sizeof(folder)); data/alpine-2.24+dfsg1/alpine/mailview.c:2142:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). for(p = strncpy(folder + strlen(folder), url + 5, sizeof(folder)-strlen(folder)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:2142:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for(p = strncpy(folder + strlen(folder), url + 5, sizeof(folder)-strlen(folder)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:2142:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(p = strncpy(folder + strlen(folder), url + 5, sizeof(folder)-strlen(folder)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:2168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(folder, f->name, sizeof(folder)); data/alpine-2.24+dfsg1/alpine/mailview.c:2290:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen(buf); data/alpine-2.24+dfsg1/alpine/mailview.c:2318:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *p = strlen(p + 1); data/alpine-2.24+dfsg1/alpine/mailview.c:3728:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(search_string, p, sizeof(search_string)); data/alpine-2.24+dfsg1/alpine/mailview.c:3777:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nsearch_string, p, sizeof(nsearch_string)); data/alpine-2.24+dfsg1/alpine/mailview.c:3787:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nsearch_string, p, sizeof(nsearch_string)); data/alpine-2.24+dfsg1/alpine/mailview.c:3806:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(search_string, nsearch_string, sizeof(search_string)-1); data/alpine-2.24+dfsg1/alpine/mailview.c:3872:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cbuf, titlecolor->fg, MAXCOLORLEN); data/alpine-2.24+dfsg1/alpine/mailview.c:3873:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(titlecolor->fg, titlecolor->bg, MAXCOLORLEN); data/alpine-2.24+dfsg1/alpine/mailview.c:3874:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(titlecolor->bg, cbuf, MAXCOLORLEN); data/alpine-2.24+dfsg1/alpine/mailview.c:4617:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[1] = len = strlen(tmp+2); data/alpine-2.24+dfsg1/alpine/mailview.c:4677:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[1] = len = strlen(tmp+2); data/alpine-2.24+dfsg1/alpine/mailview.c:4742:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle_str[2] = strlen(handle_str+3); data/alpine-2.24+dfsg1/alpine/mailview.c:4749:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ngname = ngp + strlen(handle_str); data/alpine-2.24+dfsg1/alpine/mailview.c:4859:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
start_index + strlen(word) - 2, data/alpine-2.24+dfsg1/alpine/mailview.c:4872:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). word, strlen(word), data/alpine-2.24+dfsg1/alpine/mailview.c:4908:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(haystack_copy, haystack, n); data/alpine-2.24+dfsg1/alpine/mailview.c:5097:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (i = strlen(msg_p[msg_q])) < MAX_SINGLE_MSG_LEN){ data/alpine-2.24+dfsg1/alpine/mailview.c:5098:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_p[msg_q+1] = msg_p[msg_q]+strlen(msg_p[msg_q]); data/alpine-2.24+dfsg1/alpine/mailview.c:5504:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return((n >= strlen((char *)st->parms->text.text)) data/alpine-2.24+dfsg1/alpine/mailview.c:5534:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || (c = fgetc((FILE *)st->parms->text.text)) == EOF) ? -1 : c); data/alpine-2.24+dfsg1/alpine/mailview.c:5672:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(title, (st->parms->help.title) data/alpine-2.24+dfsg1/alpine/newmail.c:308:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(int) MIN(100, strlen(tmtxt)-1), tmtxt); data/alpine-2.24+dfsg1/alpine/newmail.c:309:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) write(fifofd, buf, strlen(buf)); data/alpine-2.24+dfsg1/alpine/newmail.c:315:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) write(fifofd, buf, strlen(buf)); data/alpine-2.24+dfsg1/alpine/newmail.c:318:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) write(fifofd, buf, strlen(buf)); data/alpine-2.24+dfsg1/alpine/newmail.c:331:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) write(fifofd, buf, strlen(buf)); data/alpine-2.24+dfsg1/alpine/osdep/chnge_pw.c:57:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmd_buf, PASSWD_PROG, sizeof(cmd_buf)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:82:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfname, filename, sizeof(newfname)-1); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:85:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(filename, nbuf, sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:85:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(filename, nbuf, sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:87:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newfname, nbuf, sizeof(newfname)-1-strlen(newfname)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:87:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(newfname, nbuf, sizeof(newfname)-1-strlen(newfname)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:92:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(filename, "1", sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:92:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(filename, "1", sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:203:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(filename, nbuf, sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:203:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(filename, nbuf, sizeof(filename)-1-strlen(filename)); data/alpine-2.24+dfsg1/alpine/osdep/debuging.c:296:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = strlen(fmt)) > 2 && fmt[l-1] != '\n') data/alpine-2.24+dfsg1/alpine/osdep/execview.c:198:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = 32 + strlen(cmd) + strlen(image_file); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:198:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = 32 + strlen(cmd) + strlen(image_file); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:208:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:267:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = 32 + strlen(cmd) + strlen(image_file); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:267:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = 32 + strlen(cmd) + strlen(image_file); data/alpine-2.24+dfsg1/alpine/osdep/execview.c:278:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/alpine/osdep/fltrname.c:87:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(error, ill_char, sizeof(error)-1); data/alpine-2.24+dfsg1/alpine/osdep/fltrname.c:91:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ill_file, file, MIN(ptr-file,sizeof(ill_file)-1)); data/alpine-2.24+dfsg1/alpine/osdep/print.c:195:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(command, p, sizeof(command)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:292:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, ANSI_PRINTER, sizeof(aname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:294:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:294:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:295:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wname, WYSE_PRINTER, sizeof(wname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:297:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:297:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/alpine/osdep/print.c:324:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(trailer); data/alpine-2.24+dfsg1/alpine/osdep/print.c:500:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(line); data/alpine-2.24+dfsg1/alpine/osdep/termin.gen.c:1033:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(utf8string, candidate, utf8string_size); data/alpine-2.24+dfsg1/alpine/osdep/termin.unx.c:729:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(pw) < string_size){ data/alpine-2.24+dfsg1/alpine/osdep/termin.unx.c:730:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(string, pw, string_size); data/alpine-2.24+dfsg1/alpine/osdep/termin.wnt.c:315:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(utf8string, utf8, utf8string_size); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:265:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mtype, body_type_names(h->h.attach->body->type), sizeof(mtype)); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:268:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat (mtype, "/", sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:268:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat (mtype, "/", sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:270:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat (mtype, h->h.attach->body->subtype, sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:270:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat (mtype, h->h.attach->body->subtype, sizeof(mtype)-strlen(mtype)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.gen.c:279:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ext, extp, sizeof(ext)); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:757:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dlgpw.user, user_lptstr, userlen - 1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:764:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dlgpw.pwd, pwd_lptstr, pwdlen - 1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:782:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user_utf8, tuser_utf8, userlen - 1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:789:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*pwd_utf8, tpwd_utf8, pwdlen - 1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:903:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i += strlen(*args_text++); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1323:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, mbx+1, min(buflen, (int)(p - (mbx+1)))); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1480:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
Risk is low because the source is a constant string. strncat(tsrvr, "/user=", sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1480:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tsrvr, "/user=", sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1481:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tsrvr, u, sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1481:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tsrvr, u, sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1484:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(tsrvr, "}inbox", sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1484:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tsrvr, "}inbox", sizeof(tsrvr)-strlen(tsrvr)-1); data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1773:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((strlen(utf8_srvr) data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1774:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(utf8_username) data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1775:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(utf8_fldrname) data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1820:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(utf8_fn) >= dlgcfg->confpathlen){ data/alpine-2.24+dfsg1/alpine/osdep/termout.wnt.c:1829:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dlgcfg->confpath, utf8_fn, dlgcfg->confpathlen); data/alpine-2.24+dfsg1/alpine/pattern.c:79:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(just_arg0, cmd_start, cmd_end - cmd_start); data/alpine-2.24+dfsg1/alpine/pine-use.c:111:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getc(f)) != EOF) { data/alpine-2.24+dfsg1/alpine/pine-use.c:115:32: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getc(f)) != EOF) { data/alpine-2.24+dfsg1/alpine/pine-use.c:127:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strncmp(&buf[strlen(buf) - 13], "(olivebranch)", 13) == 0) { data/alpine-2.24+dfsg1/alpine/print.c:237:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(ANSI_PRINTER)+strlen(no_ff); data/alpine-2.24+dfsg1/alpine/print.c:237:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(ANSI_PRINTER)+strlen(no_ff); data/alpine-2.24+dfsg1/alpine/print.c:262:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(WYSE_PRINTER)+strlen(no_ff); data/alpine-2.24+dfsg1/alpine/print.c:262:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(WYSE_PRINTER)+strlen(no_ff); data/alpine-2.24+dfsg1/alpine/print.c:547:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(p) + 60; data/alpine-2.24+dfsg1/alpine/print.c:580:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, ANSI_PRINTER, sizeof(aname)-1); data/alpine-2.24+dfsg1/alpine/print.c:582:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(aname, no_ff, sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/alpine/print.c:582:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(aname, no_ff, sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/alpine/print.c:583:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wname, WYSE_PRINTER, sizeof(wname)-1); data/alpine-2.24+dfsg1/alpine/print.c:585:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(wname, no_ff, sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/alpine/print.c:585:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(wname, no_ff, sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/alpine/print.c:739:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Enter printer name : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:753:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Replace or Add To default value ? "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:771:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(prompt, _("Enter name of printer to be added : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:777:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Enter the name for replacement printer : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:790:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Enter name of printer to be added : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:836:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, "Enter port or |command : ", sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:838:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Enter command for printer : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:865:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) + 4 + strlen(sval); data/alpine-2.24+dfsg1/alpine/print.c:865:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) + 4 + strlen(sval); data/alpine-2.24+dfsg1/alpine/print.c:993:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(prompt, _("Change Name or Command or Options ? "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:1008:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Change command : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:1010:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sval, p ? p : "", sizeof(sval)-1); data/alpine-2.24+dfsg1/alpine/print.c:1035:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(all_but_cmd) + strlen(sval); data/alpine-2.24+dfsg1/alpine/print.c:1035:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(all_but_cmd) + strlen(sval); data/alpine-2.24+dfsg1/alpine/print.c:1071:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Change name : "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:1073:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, p ? p : "", sizeof(name)); data/alpine-2.24+dfsg1/alpine/print.c:1093:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) + 1 + ((*all_but_nick == '[') ? 
0 : 3) + strlen(all_but_nick); data/alpine-2.24+dfsg1/alpine/print.c:1093:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) + 1 + ((*all_but_nick == '[') ? 0 : 3) + strlen(all_but_nick); data/alpine-2.24+dfsg1/alpine/print.c:1131:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, _("Change Init string or Trailer string ? "), sizeof(prompt)); data/alpine-2.24+dfsg1/alpine/print.c:1151:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sval, (j == 'i') ? init : trailer, sizeof(sval)-1); data/alpine-2.24+dfsg1/alpine/print.c:1155:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sval, tmp, sizeof(sval)-1); data/alpine-2.24+dfsg1/alpine/print.c:1185:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1185:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1185:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1185:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1185:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1185:114: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick) + 1 + 2 + strlen("INIT=") + strlen(init) + 1 + strlen("TRAILER=") + strlen(trailer)+ 1 + strlen(p); data/alpine-2.24+dfsg1/alpine/print.c:1278:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)fs_get((2+6*22+1+strlen(cmd)) * sizeof(char)); data/alpine-2.24+dfsg1/alpine/print.c:1279:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). utf8_snprintf(ret, 2+6*22+1+strlen(cmd), "\"%.21w\"%*s%s", data/alpine-2.24+dfsg1/alpine/radio.c:63:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(question) + 3 < WANT_TO_BUF){ data/alpine-2.24+dfsg1/alpine/radio.c:153:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(question) + 4; data/alpine-2.24+dfsg1/alpine/radio.c:202:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(question) + 5; data/alpine-2.24+dfsg1/alpine/radio.c:204:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(q2, question, l); data/alpine-2.24+dfsg1/alpine/radio.c:207:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(q2, "? ", l+1 - strlen(q2) - 1); data/alpine-2.24+dfsg1/alpine/radio.c:207:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(q2, "? ", l+1 - strlen(q2) - 1); data/alpine-2.24+dfsg1/alpine/radio.c:420:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(esc_list[i-start].label) + 2; data/alpine-2.24+dfsg1/alpine/radio.c:444:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(esc_list[i-start].label) + 2; data/alpine-2.24+dfsg1/alpine/radio.c:907:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpq = (char *) fs_get((len=(strlen(q)+1)) * sizeof(char)); data/alpine-2.24+dfsg1/alpine/remote.c:185:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/alpine/remote.c:213:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/alpine/remote.c:278:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pinerc_dir, prcn, MIN(to_copy, sizeof(pinerc_dir)-1)); data/alpine-2.24+dfsg1/alpine/remote.c:294:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = p + strlen(pinerc_dir) + 1; data/alpine-2.24+dfsg1/alpine/reply.c:479:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/reply.c:1185:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, *prefix, sizeof(buf)-1); data/alpine-2.24+dfsg1/alpine/reply.c:1357:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(sig_path[(len=strlen(sig_path))-1] == '|'){ data/alpine-2.24+dfsg1/alpine/reply.c:1469:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sigsize = strlen(tmp_sig); data/alpine-2.24+dfsg1/alpine/reply.c:1617:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/reply.c:1928:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gf_set_readc(&gc,text,(source == CharStar) ? strlen((char *)text) : 0L, data/alpine-2.24+dfsg1/alpine/reply.c:2150:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sig_path, rd->lf, sizeof(sig_path)-1); data/alpine-2.24+dfsg1/alpine/reply.c:2183:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(VAR_OPER_DIR) + 100; data/alpine-2.24+dfsg1/alpine/reply.c:2635:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, ps_global->pinerc, MIN(n-1,lc-ps_global->pinerc)); data/alpine-2.24+dfsg1/alpine/reply.c:2639:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s, ".\\", n-1); data/alpine-2.24+dfsg1/alpine/reply.c:2645:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(s, ps_global->home_dir, n-1); data/alpine-2.24+dfsg1/alpine/roleconf.c:355:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). role_type_print(title+strlen(title), sizeof(title)-strlen(title), "%sRULES", rflags); data/alpine-2.24+dfsg1/alpine/roleconf.c:355:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). role_type_print(title+strlen(title), sizeof(title)-strlen(title), "%sRULES", rflags); data/alpine-2.24+dfsg1/alpine/roleconf.c:600:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(specific_fldr, ps_global->inbox_name, sizeof(specific_fldr)-1); data/alpine-2.24+dfsg1/alpine/roleconf.c:604:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(specific_fldr, ps->cur_folder, sizeof(specific_fldr)-1); data/alpine-2.24+dfsg1/alpine/roleconf.c:890:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(patline->filename) + 100; data/alpine-2.24+dfsg1/alpine/roleconf.c:938:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(patline->filename) + 100; data/alpine-2.24+dfsg1/alpine/roleconf.c:1311:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(oldnick)+strlen(CLONEWORD); data/alpine-2.24+dfsg1/alpine/roleconf.c:1311:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(oldnick)+strlen(CLONEWORD); data/alpine-2.24+dfsg1/alpine/roleconf.c:1313:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(defpat->patgrp->nick, oldnick, len); data/alpine-2.24+dfsg1/alpine/roleconf.c:1315:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(defpat->patgrp->nick, CLONEWORD, data/alpine-2.24+dfsg1/alpine/roleconf.c:1316:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len+1-1-strlen(defpat->patgrp->nick)); data/alpine-2.24+dfsg1/alpine/roleconf.c:1912:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdir, VAR_OPER_DIR, sizeof(pdir)-1); data/alpine-2.24+dfsg1/alpine/roleconf.c:1914:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pdir) + 1; data/alpine-2.24+dfsg1/alpine/roleconf.c:1917:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdir, ps->pinerc, MIN(sizeof(pdir)-1,lc-ps->pinerc)); data/alpine-2.24+dfsg1/alpine/roleconf.c:1919:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(pdir); data/alpine-2.24+dfsg1/alpine/roleconf.c:1922:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir2, pdir, sizeof(dir2)-1); data/alpine-2.24+dfsg1/alpine/roleconf.c:1959:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncmp(full_filename, pdir, strlen(pdir))) data/alpine-2.24+dfsg1/alpine/roleconf.c:3406:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(rolecolor_vars[1].name + 3, "back", 4); data/alpine-2.24+dfsg1/alpine/roleconf.c:3666:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *) fs_get(strlen(fn) + strlen(" pattern") + 1); data/alpine-2.24+dfsg1/alpine/roleconf.c:3666:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *) fs_get(strlen(fn) + strlen(" pattern") + 1); data/alpine-2.24+dfsg1/alpine/roleconf.c:3667:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(p, strlen(fn) + strlen(" pattern") + 1, "%s pattern", fn); data/alpine-2.24+dfsg1/alpine/roleconf.c:3667:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
snprintf(p, strlen(fn) + strlen(" pattern") + 1, "%s pattern", fn); data/alpine-2.24+dfsg1/alpine/roleconf.c:3668:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(fn) + strlen(" pattern") + 1 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:3668:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(fn) + strlen(" pattern") + 1 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:5935:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->name = (char *) fs_get(strlen(name)+NOTLEN+1); data/alpine-2.24+dfsg1/alpine/roleconf.c:5936:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(v->name, strlen(name)+NOTLEN+1, "%s%s", (defpat && defpat->not) ? NOT : "", name); data/alpine-2.24+dfsg1/alpine/roleconf.c:5937:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->name[ strlen(name)+NOTLEN+1-1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:6193:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p = (char *)fs_get((strlen(str) + 20) * data/alpine-2.24+dfsg1/alpine/roleconf.c:6195:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
snprintf(v->global_val.p, strlen(str) + 20, "%s%s)", DSTRING, str); data/alpine-2.24+dfsg1/alpine/roleconf.c:6196:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p[strlen(str) + 20 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:6216:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p = (char *)fs_get((strlen(str) + 20) * data/alpine-2.24+dfsg1/alpine/roleconf.c:6218:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(v->global_val.p, strlen(str) + 20, data/alpine-2.24+dfsg1/alpine/roleconf.c:6220:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p[strlen(str) + 20 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:6228:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdir, ps_global->VAR_OPER_DIR, MAXPATH); data/alpine-2.24+dfsg1/alpine/roleconf.c:6230:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pdir) + 1; data/alpine-2.24+dfsg1/alpine/roleconf.c:6233:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(pdir, ps_global->pinerc, data/alpine-2.24+dfsg1/alpine/roleconf.c:6236:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pdir); data/alpine-2.24+dfsg1/alpine/roleconf.c:6249:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p = (char *)fs_get((strlen(str) + 20) * data/alpine-2.24+dfsg1/alpine/roleconf.c:6251:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(v->global_val.p, strlen(str) + 20, "%s%s)", DSTRING, str); data/alpine-2.24+dfsg1/alpine/roleconf.c:6252:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v->global_val.p[strlen(str) + 20 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:6361:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w1 = MAX(1,MIN(strlen(cur_fn),space/2)); data/alpine-2.24+dfsg1/alpine/roleconf.c:6362:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w2 = MIN(MAX(1,space-w1),strlen(cntxt->nickname)); data/alpine-2.24+dfsg1/alpine/roleconf.c:6372:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
w1 = MAX(1,MIN(strlen(cur_fn),space/2)); data/alpine-2.24+dfsg1/alpine/roleconf.c:6373:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w2 = MIN(MAX(1,space-w1),strlen(cntxt->nickname)); data/alpine-2.24+dfsg1/alpine/roleconf.c:6486:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MIN(space/2,MIN(strlen(ps_global->context_list->nickname),20))); data/alpine-2.24+dfsg1/alpine/roleconf.c:6550:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f->name_len = strlen(nname); data/alpine-2.24+dfsg1/alpine/roleconf.c:7166:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(ctmp->var->name, strlen(ctmp->var->name)+1, NOTLEN, ""); data/alpine-2.24+dfsg1/alpine/roleconf.c:7167:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(ctmp->varname, strlen(ctmp->varname)+1, NOTLEN, ""); data/alpine-2.24+dfsg1/alpine/roleconf.c:7168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ctmp->varname+strlen(ctmp->varname)-1, data/alpine-2.24+dfsg1/alpine/roleconf.c:7168:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(ctmp->varname+strlen(ctmp->varname)-1, data/alpine-2.24+dfsg1/alpine/roleconf.c:7173:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(ctmp->var->name, strlen(ctmp->var->name)+NOTLEN+1, 0, NOT); data/alpine-2.24+dfsg1/alpine/roleconf.c:7174:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(ctmp->varname+strlen(ctmp->varname)-1-NOTLEN, "=", NOTLEN); data/alpine-2.24+dfsg1/alpine/roleconf.c:7174:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ctmp->varname+strlen(ctmp->varname)-1-NOTLEN, "=", NOTLEN); data/alpine-2.24+dfsg1/alpine/roleconf.c:7175:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(ctmp->varname, strlen(ctmp->varname)+NOTLEN+1, 0, NOT); data/alpine-2.24+dfsg1/alpine/roleconf.c:7191:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdir, ps_global->VAR_OPER_DIR, MAXPATH); data/alpine-2.24+dfsg1/alpine/roleconf.c:7193:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pdir) + 1; data/alpine-2.24+dfsg1/alpine/roleconf.c:7196:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(pdir, ps_global->pinerc, MIN(MAXPATH,lc-ps_global->pinerc)); data/alpine-2.24+dfsg1/alpine/roleconf.c:7198:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pdir); data/alpine-2.24+dfsg1/alpine/roleconf.c:7201:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(title, "CHOOSE A", 15); data/alpine-2.24+dfsg1/alpine/roleconf.c:7202:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir2, pdir, MAXPATH); data/alpine-2.24+dfsg1/alpine/roleconf.c:7213:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncmp(full_filename, pdir, strlen(pdir))) data/alpine-2.24+dfsg1/alpine/roleconf.c:7364:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(file[len=(strlen(file)-1)] == '|') data/alpine-2.24+dfsg1/alpine/roleconf.c:7422:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(tmp[strlen(tmp)-1] == ':') /* remove trailing colon */ data/alpine-2.24+dfsg1/alpine/roleconf.c:7423:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tmp[strlen(tmp)-1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:7460:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *) fs_get(strlen(tmp) + strlen(" pattern") + 1); data/alpine-2.24+dfsg1/alpine/roleconf.c:7460:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *) fs_get(strlen(tmp) + strlen(" pattern") + 1); data/alpine-2.24+dfsg1/alpine/roleconf.c:7461:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(p, strlen(tmp) + strlen(" pattern") + 1, "%s pattern", tmp); data/alpine-2.24+dfsg1/alpine/roleconf.c:7461:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(p, strlen(tmp) + strlen(" pattern") + 1, "%s pattern", tmp); data/alpine-2.24+dfsg1/alpine/roleconf.c:7462:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(tmp) + strlen(" pattern") + 1 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:7462:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(tmp) + strlen(" pattern") + 1 - 1] = '\0'; data/alpine-2.24+dfsg1/alpine/roleconf.c:7533:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ea->v->name, strlen(ea->v->name))) data/alpine-2.24+dfsg1/alpine/rpdump.c:275:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpdump.c:275:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpdump.c:275:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpdump.c:275:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpdump.c:280:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpdump.c:282:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpdump.c:286:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpdump.c:292:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpdump.c:294:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpdump.c:297:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpdump.c:304:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpdump.c:306:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpdump.c:309:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpdump.c:563:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user, mb->user, NETMAXUSER); data/alpine-2.24+dfsg1/alpine/rpdump.c:572:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(prompt); data/alpine-2.24+dfsg1/alpine/rpdump.c:588:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpdump.c:596:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], last, sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpdump.c:611:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user, mb->user, NETMAXUSER); data/alpine-2.24+dfsg1/alpine/rpdump.c:623:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(prompt); data/alpine-2.24+dfsg1/alpine/rpdump.c:624:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). goal = strlen(mb->host); data/alpine-2.24+dfsg1/alpine/rpdump.c:625:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ugoal = strlen(user); data/alpine-2.24+dfsg1/alpine/rpdump.c:651:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpdump.c:660:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], &" USER: "[i ? 
0 : 2], sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpdump.c:662:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i += strlen(&prompt[i]), j = 0; data/alpine-2.24+dfsg1/alpine/rpdump.c:665:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpdump.c:671:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], &" ENTER PASSWORD: "[i ? 0 : 8], sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpdump.c:752:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pw) < field_len){ data/alpine-2.24+dfsg1/alpine/rpdump.c:753:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(string, pw, field_len); data/alpine-2.24+dfsg1/alpine/rpload.c:262:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpload.c:262:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpload.c:262:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpload.c:262:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MAX(MAX(strlen(pinerc), strlen(abook)), MAX(strlen(sig), strlen(smime))); data/alpine-2.24+dfsg1/alpine/rpload.c:267:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpload.c:269:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpload.c:273:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpload.c:279:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpload.c:281:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpload.c:284:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpload.c:291:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)sl->text.data, try, len); data/alpine-2.24+dfsg1/alpine/rpload.c:293:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl->text.size = strlen((char *) sl->text.data); data/alpine-2.24+dfsg1/alpine/rpload.c:296:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) >= sl->text.size && !struncmp(h, try, sl->text.size)) data/alpine-2.24+dfsg1/alpine/rpload.c:507:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This folder contains a single Alpine addressbook.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:507:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This folder contains a single Alpine addressbook.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:508:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:508:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:509:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The last message in the folder is the live addressbook data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:509:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "The last message in the folder is the live addressbook data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:510:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The rest of the messages contain previous revisions of the addressbook data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:510:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(buf, "The rest of the messages contain previous revisions of the addressbook data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:511:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:511:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:512:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:512:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:515:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(buf, "This folder contains an Alpine config file.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:515:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This folder contains an Alpine config file.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:516:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:516:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:517:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The last message in the folder is the live config data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:517:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(buf, "The last message in the folder is the live config data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:518:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:518:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:519:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:519:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:520:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:520:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:523:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This folder contains Alpine S/MIME config information.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:523:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This folder contains Alpine S/MIME config information.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:524:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:524:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:525:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The last message in the folder is the live data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:525:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "The last message in the folder is the live data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:526:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:526:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:527:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:527:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:528:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:528:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:531:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "This folder contains remote Alpine data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:531:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This folder contains remote Alpine data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:532:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:532:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "This message is just an explanatory message.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:533:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The last message in the folder is the live data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:533:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "The last message in the folder is the live data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:534:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:534:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(buf, "The rest of the messages contain previous revisions of the data.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:535:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:535:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "To restore a previous revision just delete and expunge all of the messages\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:536:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:536:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "which come after it.\015\012", sizeof(buf)-strlen(buf)-1); data/alpine-2.24+dfsg1/alpine/rpload.c:539:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
INIT(&msg, mail_string, (void *)buf, strlen(buf)); data/alpine-2.24+dfsg1/alpine/rpload.c:584:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = filelen + filelen + strlen(buf) + 10; data/alpine-2.24+dfsg1/alpine/rpload.c:587:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sto, buf, len); data/alpine-2.24+dfsg1/alpine/rpload.c:589:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = sto + strlen(sto); data/alpine-2.24+dfsg1/alpine/rpload.c:591:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getc(fp)) != EOF){ data/alpine-2.24+dfsg1/alpine/rpload.c:598:32: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(c == '\r' && ((nextc = getc(fp)) != '\n') && nextc != EOF) data/alpine-2.24+dfsg1/alpine/rpload.c:618:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). INIT(&msg, mail_string, (void *)sto, strlen(sto)); data/alpine-2.24+dfsg1/alpine/rpload.c:802:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user, mb->user, NETMAXUSER); data/alpine-2.24+dfsg1/alpine/rpload.c:811:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(prompt); data/alpine-2.24+dfsg1/alpine/rpload.c:827:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpload.c:835:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], last, sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpload.c:849:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user, mb->user, NETMAXUSER); data/alpine-2.24+dfsg1/alpine/rpload.c:861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(prompt); data/alpine-2.24+dfsg1/alpine/rpload.c:862:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). goal = strlen(mb->host); data/alpine-2.24+dfsg1/alpine/rpload.c:863:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ugoal = strlen(user); data/alpine-2.24+dfsg1/alpine/rpload.c:889:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpload.c:898:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], &" USER: "[i ? 
0 : 2], sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpload.c:900:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i += strlen(&prompt[i]), j = 0; data/alpine-2.24+dfsg1/alpine/rpload.c:903:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&prompt[i-3], "...", sizeof(prompt)-(i-3)); data/alpine-2.24+dfsg1/alpine/rpload.c:909:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&prompt[i], &" ENTER PASSWORD: "[i ? 0 : 8], sizeof(prompt)-i); data/alpine-2.24+dfsg1/alpine/rpload.c:990:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pw) < field_len){ data/alpine-2.24+dfsg1/alpine/rpload.c:991:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(string, pw, field_len); data/alpine-2.24+dfsg1/alpine/send.c:677:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). template_len = strlen(filtered); data/alpine-2.24+dfsg1/alpine/send.c:1146:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(tmp, _("BOUNCE (redirect) message to : "), sizeof(tmp)); data/alpine-2.24+dfsg1/alpine/send.c:1160:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
resize_len = MAX(MAXPATH, strlen(*tobufp)); data/alpine-2.24+dfsg1/alpine/send.c:1239:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*tobufp, p, resize_len); data/alpine-2.24+dfsg1/alpine/send.c:1249:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*tobufp, p, resize_len); data/alpine-2.24+dfsg1/alpine/send.c:1274:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l=resize_len) < (len = strlen(returned_addr)) + 1){ data/alpine-2.24+dfsg1/alpine/send.c:1279:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*tobufp, returned_addr, l); data/alpine-2.24+dfsg1/alpine/send.c:1320:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l=strlen(*tobufp)) < (tolen = strlen(addr)) + 1){ data/alpine-2.24+dfsg1/alpine/send.c:1320:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l=strlen(*tobufp)) < (tolen = strlen(addr)) + 1){ data/alpine-2.24+dfsg1/alpine/send.c:1325:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*tobufp, addr, l); data/alpine-2.24+dfsg1/alpine/send.c:1422:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((strlen(tmp_20k_buf) > data/alpine-2.24+dfsg1/alpine/send.c:1425:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(tmp_20k_buf+ps_global->ttyo->screen_cols-7, data/alpine-2.24+dfsg1/alpine/send.c:1599:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(label, "Fcc", sizeof(label)); data/alpine-2.24+dfsg1/alpine/send.c:1640:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcclen = strlen(fcc); data/alpine-2.24+dfsg1/alpine/send.c:1642:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = 2 + strlen(part1) + strlen(part2) + data/alpine-2.24+dfsg1/alpine/send.c:1642:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = 2 + strlen(part1) + strlen(part2) + data/alpine-2.24+dfsg1/alpine/send.c:1643:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(part3) + fcclen; data/alpine-2.24+dfsg1/alpine/send.c:1713:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l=strlen(new_nickname)) > resize_len){ data/alpine-2.24+dfsg1/alpine/send.c:1718:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(*tobufp, new_nickname, l); data/alpine-2.24+dfsg1/alpine/send.c:2216:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(*he->realaddr) + strlen(pf->textbuf) + 1; data/alpine-2.24+dfsg1/alpine/send.c:2216:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(*he->realaddr) + strlen(pf->textbuf) + 1; data/alpine-2.24+dfsg1/alpine/send.c:2218:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(combined_hdr, *he->realaddr, l); data/alpine-2.24+dfsg1/alpine/send.c:2220:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(combined_hdr, ",", l+1-1-strlen(combined_hdr)); data/alpine-2.24+dfsg1/alpine/send.c:2220:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(combined_hdr, ",", l+1-1-strlen(combined_hdr)); data/alpine-2.24+dfsg1/alpine/send.c:2222:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(combined_hdr, pf->textbuf, l+1-1-strlen(combined_hdr)); data/alpine-2.24+dfsg1/alpine/send.c:2222:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(combined_hdr, pf->textbuf, l+1-1-strlen(combined_hdr)); data/alpine-2.24+dfsg1/alpine/send.c:2894:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(he->prompt, he->name, MIN(strlen(he->name), he->prwid - 2)); data/alpine-2.24+dfsg1/alpine/send.c:2894:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(he->prompt, he->name, MIN(strlen(he->name), he->prwid - 2)); data/alpine-2.24+dfsg1/alpine/send.c:3014:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HE(pf)->maxlen = strlen(*HE(pf)->realaddr); data/alpine-2.24+dfsg1/alpine/send.c:3219:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(folder,ps_global->pinerc, data/alpine-2.24+dfsg1/alpine/send.c:3224:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(folder, (editor_result & COMP_GOTHUP) data/alpine-2.24+dfsg1/alpine/send.c:3226:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(folder)-strlen(folder)-1); data/alpine-2.24+dfsg1/alpine/send.c:3240:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(folder) + 1 < sizeof(filename)) data/alpine-2.24+dfsg1/alpine/send.c:3242:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, folder, sizeof(filename)); data/alpine-2.24+dfsg1/alpine/send.c:3244:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfname, filename, sizeof(newfname)); data/alpine-2.24+dfsg1/alpine/send.c:3250:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(filename, nbuf, data/alpine-2.24+dfsg1/alpine/send.c:3251:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(filename)-strlen(filename)-1); data/alpine-2.24+dfsg1/alpine/send.c:3257:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newfname, nbuf, data/alpine-2.24+dfsg1/alpine/send.c:3258:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(newfname)-strlen(newfname)-1); data/alpine-2.24+dfsg1/alpine/send.c:3317:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(folder, ps_global->VAR_FORM_FOLDER, data/alpine-2.24+dfsg1/alpine/send.c:3320:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(label, "form letter", sizeof(label)); data/alpine-2.24+dfsg1/alpine/send.c:3324:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(folder, ps_global->VAR_POSTPONED_FOLDER, data/alpine-2.24+dfsg1/alpine/send.c:3327:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(label, "postponed message", sizeof(label)); data/alpine-2.24+dfsg1/alpine/send.c:3370:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reply->prefix ? int2string(strlen(reply->prefix)) data/alpine-2.24+dfsg1/alpine/send.c:3429:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (strlen(q) + 1); data/alpine-2.24+dfsg1/alpine/send.c:3436:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(smtp, " ", len-strlen(smtp)-1); data/alpine-2.24+dfsg1/alpine/send.c:3436:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(smtp, " ", len-strlen(smtp)-1); data/alpine-2.24+dfsg1/alpine/send.c:3438:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
  strncat(smtp, q, len-strlen(smtp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3438:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(smtp, q, len-strlen(smtp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3465:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += (strlen(q) + 1);
data/alpine-2.24+dfsg1/alpine/send.c:3472:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(nntp, " ", len-strlen(nntp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3472:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(nntp, " ", len-strlen(nntp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3474:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(nntp, q, len-strlen(nntp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3474:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(nntp, q, len-strlen(nntp)-1);
data/alpine-2.24+dfsg1/alpine/send.c:3498:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz += strlen(pf->name) + 1;
data/alpine-2.24+dfsg1/alpine/send.c:3915:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(label, "Fcc", sizeof(label));
data/alpine-2.24+dfsg1/alpine/send.c:4010:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(label, "Fcc", sizeof(label));
data/alpine-2.24+dfsg1/alpine/send.c:4400:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenfcc = MIN(sizeof(fbuf)-1, (result & P_FCC_BITS) ? strlen(fcc_name) : 0);
data/alpine-2.24+dfsg1/alpine/send.c:4402:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fixedneed = 9 + strlen(part1) + strlen(part2) + strlen(part3) +
data/alpine-2.24+dfsg1/alpine/send.c:4402:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fixedneed = 9 + strlen(part1) + strlen(part2) + strlen(part3) +
data/alpine-2.24+dfsg1/alpine/send.c:4402:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fixedneed = 9 + strlen(part1) + strlen(part2) + strlen(part3) +
data/alpine-2.24+dfsg1/alpine/send.c:4403:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(part4) + strlen(part5);
data/alpine-2.24+dfsg1/alpine/send.c:4403:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(part4) + strlen(part5);
data/alpine-2.24+dfsg1/alpine/send.c:4725:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp_20k_buf, "Send message", SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/alpine/send.c:4727:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optp = tmp_20k_buf + strlen(tmp_20k_buf);
data/alpine-2.24+dfsg1/alpine/send.c:5190:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fname, fnp, fnlen);
data/alpine-2.24+dfsg1/alpine/send.c:5539:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(group_name, mailbox + 6, len-1);
data/alpine-2.24+dfsg1/alpine/send.c:5628:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4*strlen(part->body.description)+1;
data/alpine-2.24+dfsg1/alpine/send.c:5661:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*ppa)->filename = fs_get(strlen(type) + name_l + 5);
data/alpine-2.24+dfsg1/alpine/send.c:5663:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf((*ppa)->filename, strlen(type) + name_l + 5, "[%s%s%s]", type,
data/alpine-2.24+dfsg1/alpine/send.c:5665:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*ppa)->filename[strlen(type) + name_l + 5 - 1] = '\0';
data/alpine-2.24+dfsg1/alpine/send.c:5732:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned long) strlen(t),
data/alpine-2.24+dfsg1/alpine/send.c:5737:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replacelen = strlen(t);
data/alpine-2.24+dfsg1/alpine/send.c:5739:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(p, strlen(p), 12, ""); /* clear special token */
data/alpine-2.24+dfsg1/alpine/send.c:5740:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(t, strlen(u)-replacelen+1, replacelen, u);
data/alpine-2.24+dfsg1/alpine/send.c:5765:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen((char *)tmp_20k_buf)) > strlen(pf->scratch)){
data/alpine-2.24+dfsg1/alpine/send.c:5765:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen((char *)tmp_20k_buf)) > strlen(pf->scratch)){
data/alpine-2.24+dfsg1/alpine/send.c:5770:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pf->scratch, (char *)tmp_20k_buf, l+1);
data/alpine-2.24+dfsg1/alpine/send.c:5784:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4*strlen(src)+1;
data/alpine-2.24+dfsg1/alpine/send.c:5810:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen((char *)tmp_20k_buf)) > strlen(pf->scratch)){
data/alpine-2.24+dfsg1/alpine/send.c:5810:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen((char *)tmp_20k_buf)) > strlen(pf->scratch)){
data/alpine-2.24+dfsg1/alpine/send.c:5815:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pf->scratch, (char *)tmp_20k_buf, l+1);
data/alpine-2.24+dfsg1/alpine/send.c:6232:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(q, name, strlen(name)))
data/alpine-2.24+dfsg1/alpine/send.c:6405:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4*strlen(*full_to)+1;
data/alpine-2.24+dfsg1/alpine/send.c:6436:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(to);
data/alpine-2.24+dfsg1/alpine/send.c:6473:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  af->cksumlen = strlen(((full_to && *full_to)
data/alpine-2.24+dfsg1/alpine/send.c:6617:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4*strlen(*full_lcc)+1;
data/alpine-2.24+dfsg1/alpine/send.c:6635:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4*strlen(to)+1;
data/alpine-2.24+dfsg1/alpine/send.c:6686:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(lcc);
data/alpine-2.24+dfsg1/alpine/send.c:6709:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(barg->tptr) + strlen(to ? to : "") + 2;
data/alpine-2.24+dfsg1/alpine/send.c:6709:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(barg->tptr) + strlen(to ? to : "") + 2;
data/alpine-2.24+dfsg1/alpine/send.c:6742:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  af->cksumlen = strlen(((full_lcc && *full_lcc)
data/alpine-2.24+dfsg1/alpine/send.c:6778:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(lcc);
data/alpine-2.24+dfsg1/alpine/send.c:6816:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  af->cksumlen = strlen(((full_lcc && *full_lcc)
data/alpine-2.24+dfsg1/alpine/send.c:6946:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(answer, mb.user, sizeof(answer)-1);
data/alpine-2.24+dfsg1/alpine/send.c:6959:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(answer, mb.user, sizeof(answer)-1);
data/alpine-2.24+dfsg1/alpine/setup.c:503:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (len=strlen(DSTRING)))){
data/alpine-2.24+dfsg1/alpine/setup.c:505:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olddefval = (char *)fs_get(strlen((*cl)->var->current_val.p)+1);
data/alpine-2.24+dfsg1/alpine/setup.c:506:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(olddefval, (*cl)->var->current_val.p+len,
data/alpine-2.24+dfsg1/alpine/setup.c:507:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((*cl)->var->current_val.p)-len-1);
data/alpine-2.24+dfsg1/alpine/setup.c:508:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olddefval[strlen((*cl)->var->current_val.p)-len-1] = '\0';
data/alpine-2.24+dfsg1/alpine/setup.c:519:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  input = (char *)fs_get((strlen(start_with)+1) * sizeof(char));
data/alpine-2.24+dfsg1/alpine/setup.c:1130:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fbuf, p, sizeof(fbuf)-1);
data/alpine-2.24+dfsg1/alpine/smime.c:413:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%02x%s", bs->data[i],
data/alpine-2.24+dfsg1/alpine/smime.c:413:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%02x%s", bs->data[i],
data/alpine-2.24+dfsg1/alpine/smime.c:1118:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, temp_nam(NULL, "a6"), sizeof(path)-1);
data/alpine-2.24+dfsg1/alpine/smime.c:1120:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, upath, sizeof(path)-1);
data/alpine-2.24+dfsg1/alpine/smime.c:1300:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename[strlen(filename)-4] = '\0';
data/alpine-2.24+dfsg1/alpine/smime.c:1342:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
Risk is low because the source is a constant string.
  strncpy(prompt, _("Enter password to unlock key: "), sizeof(prompt));
data/alpine-2.24+dfsg1/alpine/smime.c:1462:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/smime.c:1572:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e = MIN(strlen(cl->name), ps->ttyo->screen_cols/3); /* do not use too much screen */
data/alpine-2.24+dfsg1/alpine/smime.c:1580:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), e);
data/alpine-2.24+dfsg1/alpine/smime.c:1581:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), df);
data/alpine-2.24+dfsg1/alpine/smime.c:1584:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), dt);
data/alpine-2.24+dfsg1/alpine/smime.c:1587:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), md5);
data/alpine-2.24+dfsg1/alpine/smime.c:1602:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp+s, _("Press \"RETURN\" to add new personal key"), sizeof(tmp)-s-1);
data/alpine-2.24+dfsg1/alpine/smime.c:1603:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = strlen(tmp); i < (ps->ttyo ? ps->ttyo->screen_cols : sizeof(tmp) - 1); i++)
data/alpine-2.24+dfsg1/alpine/smime.c:1625:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*ctmp)->d.s.address, cl->name, sizeof((*ctmp)->d.s.address));
data/alpine-2.24+dfsg1/alpine/smime.c:1688:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(cl->name && strlen(cl->name) > e)
data/alpine-2.24+dfsg1/alpine/smime.c:1689:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e = strlen(cl->name);
data/alpine-2.24+dfsg1/alpine/smime.c:1701:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), e);
data/alpine-2.24+dfsg1/alpine/smime.c:1702:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), df);
data/alpine-2.24+dfsg1/alpine/smime.c:1705:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), dt);
data/alpine-2.24+dfsg1/alpine/smime.c:1708:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  smime_setup_size(&t, sizeof(u) - strlen(t), md5);
data/alpine-2.24+dfsg1/alpine/smime.c:1725:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cl->name[strlen(cl->name) - 4] = '\0'; /* FIX FIX FIX */
data/alpine-2.24+dfsg1/alpine/smime.c:1726:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*ctmp)->d.s.address, cl->name, sizeof((*ctmp)->d.s.address));
data/alpine-2.24+dfsg1/alpine/smime.c:1733:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cl->name[strlen(cl->name)] = '.';
data/alpine-2.24+dfsg1/alpine/status.c:140:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mlen = strlen(message) + 40;
data/alpine-2.24+dfsg1/alpine/status.c:576:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(q->text) + strlen(append);
data/alpine-2.24+dfsg1/alpine/status.c:576:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(q->text) + strlen(append);
data/alpine-2.24+dfsg1/alpine/status.c:582:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ptr, q->text, len);
data/alpine-2.24+dfsg1/alpine/status.c:584:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(ptr, append, len+1-1-strlen(ptr));
data/alpine-2.24+dfsg1/alpine/status.c:584:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(ptr, append, len+1-1-strlen(ptr));
data/alpine-2.24+dfsg1/alpine/status.c:962:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prevstatusbuf, newstatusbuf, sizeof(prevstatusbuf));
data/alpine-2.24+dfsg1/alpine/status.c:1012:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prevstatusbuf, newstatusbuf, sizeof(prevstatusbuf));
data/alpine-2.24+dfsg1/alpine/status.c:1137:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = tmp_20k_buf + strlen(tmp_20k_buf);
data/alpine-2.24+dfsg1/alpine/status.c:1150:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/status.c:1161:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/status.c:1171:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(p) > ps_global->ttyo->screen_cols - 2 * indent){
data/alpine-2.24+dfsg1/alpine/status.c:1178:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/status.c:1184:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/status.c:1189:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen(t);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:149:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(edit_buf, orig, sizeof(edit_buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig, edit_buf, sizeof(edit_buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:203:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(edit_buf, returned_nickname, sizeof(edit_buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:223:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(edit_buf, new_nickname, sizeof(edit_buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:254:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig, edit_buf, sizeof(edit_buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:265:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(orig, edit_buf, sizeof(edit_buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:302:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_fullname, addr->personal, sizeof(new_fullname)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:338:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned long)strlen(t), &l);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:341:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(t, es-(t-scratch), strlen(t), u); /* Null u is handled */
data/alpine-2.24+dfsg1/alpine/takeaddr.c:349:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_address, scratch, sizeof(new_address)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:538:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_nickname, abe->nickname, sizeof(new_nickname));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:540:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(exist_nick, new_nickname, sizeof(exist_nick));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:562:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_nickname, nick, sizeof(new_nickname));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:995:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addrbook, pab->abnick, sizeof(addrbook)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1037:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addrbook, pab->abnick, sizeof(addrbook)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1049:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addrbook, pab->abnick, sizeof(addrbook)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1584:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, last, sizeof(buf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1633:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last, buf, sizeof(last)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1846:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf1, buf2, sizeof(buf1));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1878:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(actual_width < screen_width && (len=strlen(buf1))+1 < sizeof(buf1)){
data/alpine-2.24+dfsg1/alpine/takeaddr.c:1887:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf2);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2123:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(warn[how_many_dups], current->nickname, MAX_NICKNAME);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2254:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned long)strlen(t), &l);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2257:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(t, es-(t-scratch), strlen(t), u); /* Null u is handled */
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2265:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(abuf, scratch, sizeof(abuf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2344:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned long)strlen(t), &l);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2347:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(t, es-(t-scratch), strlen(t), u); /* Null u is handled */
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2355:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(abuf, scratch, sizeof(abuf)-1);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:2789:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(p)+5;
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3099:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(cm[num]->bv_val) + 2;
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3116:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(mail[num]->bv_val) + 2;
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3160:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, addr->mailbox, sizeof(buf)-2),
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3162:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(buf, "@", sizeof(buf)-1-strlen(buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3162:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, "@", sizeof(buf)-1-strlen(buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3163:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, addr->host, sizeof(buf)-1-strlen(buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3163:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, addr->host, sizeof(buf)-1-strlen(buf));
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3227:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(last) + 2 + strlen(first);
data/alpine-2.24+dfsg1/alpine/takeaddr.c:3227:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(last) + 2 + strlen(first);
data/alpine-2.24+dfsg1/alpine/titlebar.c:210:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.fg,
data/alpine-2.24+dfsg1/alpine/titlebar.c:213:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.bg,
data/alpine-2.24+dfsg1/alpine/titlebar.c:221:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.fg, color->fg, MAXCOLORLEN);
data/alpine-2.24+dfsg1/alpine/titlebar.c:226:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.bg, color->bg, MAXCOLORLEN);
data/alpine-2.24+dfsg1/alpine/titlebar.c:233:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.fg,
data/alpine-2.24+dfsg1/alpine/titlebar.c:239:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(as.titlecontainer.color.bg,
data/alpine-2.24+dfsg1/alpine/titlebar.c:467:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  is_context = as.context_name ? strlen(as.context_name) : 0;
data/alpine-2.24+dfsg1/alpine/titlebar.c:475:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(title, as.title, sizeof(title));
data/alpine-2.24+dfsg1/alpine/titlebar.c:496:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(title+strlen(title), sizeof(title)-strlen(title),
data/alpine-2.24+dfsg1/alpine/titlebar.c:496:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(title+strlen(title), sizeof(title)-strlen(title),
data/alpine-2.24+dfsg1/alpine/titlebar.c:556:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  loc_label[strlen(loc_label)-1] = 's';
data/alpine-2.24+dfsg1/alpine/titlebar.c:565:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  loc_label[strlen(loc_label)-1] = 's';
data/alpine-2.24+dfsg1/alpine/titlebar.c:567:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  loc_label[strlen(loc_label)-1] = '\0';
data/alpine-2.24+dfsg1/alpine/titlebar.c:575:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(mn_get_total(as.msgmap)));
data/alpine-2.24+dfsg1/alpine/titlebar.c:587:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(as.total_lines));
data/alpine-2.24+dfsg1/alpine/titlebar.c:597:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(mn_get_total(as.msgmap)));
data/alpine-2.24+dfsg1/alpine/titlebar.c:610:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(mn_get_total(as.msgmap)));
data/alpine-2.24+dfsg1/alpine/titlebar.c:624:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(mn_get_total(as.msgmap)));
data/alpine-2.24+dfsg1/alpine/titlebar.c:641:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(as.total_lines));
data/alpine-2.24+dfsg1/alpine/titlebar.c:709:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(fold_tmp, "File: ", sizeof(fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:710:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = fold_tmp + strlen(fold_tmp);
data/alpine-2.24+dfsg1/alpine/titlebar.c:711:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:717:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(fold_tmp, "File: ...", sizeof(fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:718:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = fold_tmp + strlen(fold_tmp);
data/alpine-2.24+dfsg1/alpine/titlebar.c:738:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.context_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:739:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:742:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:743:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:744:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:749:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.context_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:750:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:753:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:754:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:755:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:763:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:764:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:765:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:774:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:778:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:787:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:793:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extra = strlen(_("Folder: "));
data/alpine-2.24+dfsg1/alpine/titlebar.c:796:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(q, "Folder: ", sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:797:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:798:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:799:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:800:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:805:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, as.folder_name, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:806:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:807:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:812:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(q, "...", sizeof(fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:813:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/alpine/titlebar.c:815:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:819:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, ss_string, sizeof(fold_tmp)-(q-fold_tmp));
data/alpine-2.24+dfsg1/alpine/titlebar.c:961:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(maxnum));
data/alpine-2.24+dfsg1/alpine/titlebar.c:1117:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(comatose(as.total_lines));
data/alpine-2.24+dfsg1/alpine/titlebar.c:1149:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(percent, "ALL", sizeof(percent));
data/alpine-2.24+dfsg1/alpine/titlebar.c:1153:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(percent, "TOP", sizeof(percent));
data/alpine-2.24+dfsg1/alpine/titlebar.c:1155:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(percent, "END", sizeof(percent));
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:98:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(list[i]) + 1;
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:104:29: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(list[i+1] != NULL) strcat(rv, ",");
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:132:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(XNAME) + strlen(x->name) + strlen(XID) + strlen(x->client_id)
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:132:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(XNAME) + strlen(x->name) + strlen(XID) + strlen(x->client_id)
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:132:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(XNAME) + strlen(x->name) + strlen(XID) + strlen(x->client_id)
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:132:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(XNAME) + strlen(x->name) + strlen(XID) + strlen(x->client_id)
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:133:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(x->client_secret ? XSECRET : "") + strlen(x->client_secret ? x->client_secret : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:133:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(x->client_secret ? XSECRET : "") + strlen(x->client_secret ? x->client_secret : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:134:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(x->tenant ? XTENANT : "") + strlen(x->tenant ? x->tenant : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:134:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(x->tenant ? XTENANT : "") + strlen(x->tenant ? x->tenant : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:135:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(XUSER) + strlen(x->users ? x->users : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:135:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(XUSER) + strlen(x->users ? x->users : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:136:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(XFLOW) + strlen(x->flow ? x->flow : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:136:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(XFLOW) + strlen(x->flow ? x->flow : "")
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:142:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), " %s\"%s\"", XSECRET, x->client_secret);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:144:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), " %s\"%s\"", XTENANT, x->tenant);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:145:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), " %s\"%s\"", XUSER, x->users ? x->users : "");
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:147:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), " %s\"%s\"", XFLOW, x->flow ? x->flow : "");
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:185:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(xinfo[i]->client_id); + 5; /* number, parenthesis, space */
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:186:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(xinfo[0]->name) + strlen(user);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:186:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(xinfo[0]->name) + strlen(user);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:190:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(s + strlen(s), _("Please select the client-id to use from the following list.\n\n"));
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:192:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(s + strlen(s), " %d) %.70s\n", i+1, xinfo[i]->client_id);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:193:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(s + strlen(s), "%s", "\n\n");
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:197:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _("Enter your selection number: "), sizeof(prompt));
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:355:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = x->users ? strlen(x->users) + 1 : 0;
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:358:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fs_resize((void **) &x->users, (n + strlen(user) + 1)*sizeof(char));
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:360:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(n > 0) strcat(x->users, ",");
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:472:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XNAME);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:482:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XID);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:492:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XTENANT);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:502:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XSECRET);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:512:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XFLOW);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:522:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(XUSER);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:831:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(x_default[m].screen_name);
data/alpine-2.24+dfsg1/alpine/xoauth2conf.c:948:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(prompt, _("Enter service name: "), sizeof(prompt));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:120:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen = strlen(BEARER_ACCOUNT) + strlen(user) + 1 + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:120:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen = strlen(BEARER_ACCOUNT) + strlen(user) + 1 + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:121:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(BEARER_HOST) + strlen(mb->orighost) + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:121:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(BEARER_HOST) + strlen(mb->orighost) + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:122:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(BEARER_PORT) + strlen(ports) + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:122:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(BEARER_PORT) + strlen(ports) + 1
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:123:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_bea.c:123:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ext.c:66:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((*responder) (stream,base,strcpy (user,mb->user),strlen(mb->user))) {
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:71:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.length = strlen (buf.value = tmp);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:150:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.length = strlen (buf.value = tmp);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:213:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.value = tmp; buf.length = strlen (user) + 4;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_gss.c:338:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.length = strlen (buf.value = tmp);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_log.c:76:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((*responder) (stream,NIL,user,strlen (user)) &&
data/alpine-2.24+dfsg1/imap/src/c-client/auth_log.c:80:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((*responder) (stream,NIL,pwd,strlen (pwd))) {
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:118:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pwd,strlen (pwd)));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:121:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((*responder) (stream,NIL,tmp,strlen (tmp))) {
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:133:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset((void *) pwd, 0, strlen(pwd));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:161:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((user = (*responder) (chal,cl = strlen (chal),NIL)) != NULL) {
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:169:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pl = strlen (p);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:202:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size) < 0)
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:252:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (s,0,strlen (s)); /* erase sensitive information */
data/alpine-2.24+dfsg1/imap/src/c-client/auth_md5.c:254:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update (&ctx,(unsigned char *) tmp,strlen (tmp));
data/alpine-2.24+dfsg1/imap/src/c-client/auth_ntl.c:83:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ulen = strlen (sep + 1);
data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c:142:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned long rlen = strlen(OAUTH2_USER) + strlen(user)
data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c:142:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned long rlen = strlen(OAUTH2_USER) + strlen(user)
data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c:143:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 1 + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_oa2.c:143:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 1 + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:84:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:84:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:84:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:128:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((((unsigned long) ((user = aid + strlen (aid) + 1) - aid)) < len) &&
data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:129:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(((unsigned long) ((pass = user + strlen (user) + 1) - aid)) < len) && data/alpine-2.24+dfsg1/imap/src/c-client/auth_pla.c:130:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (((unsigned long) ((pass + strlen (pass)) - aid)) == len) && data/alpine-2.24+dfsg1/imap/src/c-client/flstring.c:74:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *s->curpos = (char) getc ((FILE *) s->data); data/alpine-2.24+dfsg1/imap/src/c-client/flstring.c:90:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *s->curpos = (char) getc ((FILE *) s->data); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:401:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hname, hdata, h-hdata); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:670:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(t = s; strlen(t) > 0 ;) data/alpine-2.24+dfsg1/imap/src/c-client/http.c:671:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(t[strlen(t)-1] == ' ' || t[strlen(t)-1] == '\t') data/alpine-2.24+dfsg1/imap/src/c-client/http.c:671:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(t[strlen(t)-1] == ' ' || t[strlen(t)-1] == '\t') data/alpine-2.24+dfsg1/imap/src/c-client/http.c:672:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t[strlen(t)-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:767:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(method) + strlen(target) + strlen(version) + 2 + 1; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:767:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(method) + strlen(target) + strlen(version) + 2 + 1; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:767:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(method) + strlen(target) + strlen(version) + 2 + 1; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:783:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 2 + strlen(value) + 2 + 1; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:783:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 2 + strlen(value) + 2 + 1; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:784:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = (*reqp)->header ? 
strlen((*reqp)->header) : 0; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:797:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = *bufp ? strlen(*bufp) : 0; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:798:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fs_resize((void **) bufp, (len + strlen(text) + 1)*sizeof(char)); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:850:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned char *s = fs_get((3*strlen(text) + 1)*sizeof(char)), *t; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:856:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), "%c", *t); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:858:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), "%%%X", *t); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:859:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fs_resize((void **) &s, (strlen(s)+1)*sizeof(char)); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:868:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
unsigned char *s = fs_get((3*strlen(text) + 1)*sizeof(char)), *t; data/alpine-2.24+dfsg1/imap/src/c-client/http.c:873:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), "%c", '+'); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:876:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), "%c", *t); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:878:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), "%%%X", *t); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:879:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fs_resize((void **) &s, (strlen(s)+1)*sizeof(char)); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:906:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = s ? s - url - i - 1 : strlen(url+i+1); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:907:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mb->orighost, url+i+1, len); data/alpine-2.24+dfsg1/imap/src/c-client/http.c:1100:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf(length, "%lu", strlen(req->body)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:551:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (prefix,ref,pl); /* build prefix */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:561:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (prefix,pat,pl); /* build prefix */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:720:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (mailbox + strlen (mailbox) + 1) : NIL); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:765:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,")"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:840:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:950:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mb.host,(long) mail_parameters(NIL,GET_SASLUSESPTRNAME,NIL)? data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1005:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (tmp + strlen (tmp),":%lu",i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1022:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1025:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,"}"); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1139:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (imap_challenge (stream,&i)) imap_response (stream,NIL,s,strlen (s)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1295:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pwd, app_pwd, MAILTMPLEN); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1340:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (reply->text),len))) { data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1367:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = fs_get((strlen(base) + strlen(v) + 1 + 2)*sizeof(char)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1367:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
t = fs_get((strlen(base) + strlen(v) + 1 + 2)*sizeof(char)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1497:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len - (slen = (t += strlen (t)) - s)) < 20) { data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1507:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen (s); /* end of buffer */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1603:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k && set && (((s += strlen (s)) - seq) < (MAXCOMMAND - 30)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1623:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),",%lu",i++); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1627:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),",%lu:%lu",i,x); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1641:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),",%lu",i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1649:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s += strlen (s); /* find string end, see if nearing end */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1656:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i != --j) sprintf (s + strlen (s),":%lu",i = j); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1676:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (imap_extrahdrs) sprintf (tmp + strlen (tmp)," %s %s %s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1679:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else sprintf (tmp + strlen (tmp)," %s %s", data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1812:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,section,t-section); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:1995:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); /* find string end, see if nearing end */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2002:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i != --j) sprintf (s + strlen (s),":%lu",i = j); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2199:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s += strlen (s); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2207:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2333:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len - (j = ((t += strlen (t)) - s)) < 20)) { data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2342:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen (s); /* end of buffer */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2516:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:2521:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3011:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(list->name) + strlen(list->value) + 6; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3011:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(list->name) + strlen(list->value) + 6; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3019:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3118:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = CMDBASE + strlen (CMDBASE); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3127:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3138:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). st.size = strlen ((char *) (st.data = (unsigned char *) arg->text)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3211:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen (t = (char *) arg->text)) <= (size_t) MAXCOMMAND) data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3244:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). st.size = strlen ((char *) (st.data = (unsigned char *) arg->text)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3277:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
st.size = strlen ((char *) (st.data = (unsigned char *) data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3309:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen (s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3389:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); /* size of literal count */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3426:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(u); \ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3428:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t, u, remain); \ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3431:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen (t); \ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3597:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(t, "\""); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3629:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
t += strlen (t); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3637:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen (t); /* point at end of string */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3689:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3693:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3726:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3730:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3855:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3863:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3920:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *s += strlen (*s); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:3961:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s = (char *) fs_get ((i = strlen (string) + 2) + 1), data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4039:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LOCAL->reply.text = LOCAL->reply.key + strlen (LOCAL->reply.key); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4420:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strcpy (strncpy (LOCAL->tmp,stream->mailbox,i) + i,t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4463:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (LOCAL->prefix && ((strlen (LOCAL->prefix) + j) < IMAPTMPLEN)) data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4669:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen (LOCAL->prefix) + strlen (reply->text)) < IMAPTMPLEN)) data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4669:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
((strlen (LOCAL->prefix) + strlen (reply->text)) < IMAPTMPLEN)) data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:4702:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if ((s = strchr (strncpy (t = LOCAL->tmp,s,i),' ')) != NULL) *s++ = '\0'; data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:5291:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). ret = strncpy ((char *) fs_get (i + 1),s,i); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6072:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rs = LOCAL->reform = (char *) fs_get (1+ strlen (sequence)); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6075:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rs,s,i = t - s); /* copy string up to that point */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6087:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!tl) tl = t + strlen (t); data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6091:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rs,s,i = tl - s);/* copy string up to that point */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6096:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (rs,t,i = tl - t);/* swap the order */ data/alpine-2.24+dfsg1/imap/src/c-client/imap4r1.c:6098:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rs+i+1,s,j = (t-1) - s); data/alpine-2.24+dfsg1/imap/src/c-client/json.c:157:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen((char *) s); data/alpine-2.24+dfsg1/imap/src/c-client/json.c:190:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen((char *) t) < 4) data/alpine-2.24+dfsg1/imap/src/c-client/json.c:225:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case 'f' : if(strlen((char *) w) > 5 data/alpine-2.24+dfsg1/imap/src/c-client/json.c:233:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case 'n' : if(strlen((char *) w) > 4 data/alpine-2.24+dfsg1/imap/src/c-client/json.c:241:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case 't' : if(strlen((char *) w) > 4 data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:736:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (mailbox) < (NETMAXHOST+(NETMAXUSER*2)+NETMAXMBX+NETMAXSRV+50)) data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:807:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((j = t - v) < MAILTMPLEN) && (strlen (t+1) < (size_t) NETMAXMBX))) data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:809:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mb->host,name,i); /* set host name */ data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:810:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mb->orighost,name,i); data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:814:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (t = tmp,v,j); /* copy it */ data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:847:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (v); /* length of argument */ data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:935:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ref && (strlen (ref) > NETMAXMBX)) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:941:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (pat) > NETMAXMBX) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:970:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ref && (strlen (ref) > NETMAXMBX)) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:976:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pat) > NETMAXMBX) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1003:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ref && (strlen (ref) > NETMAXMBX)) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1009:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pat) > NETMAXMBX) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1072:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (mailbox) >= (NETMAXHOST+(NETMAXUSER*2)+NETMAXMBX+NETMAXSRV+50)) { data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1099:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,t,i); data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1283:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (tmp,name+6,i); /* copy snarf mailbox name */ data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1301:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mb.port) sprintf (tmp + strlen (tmp),":%lu",mb.port); data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1302:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=%.64s",mb.user); data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1820:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (section && (strlen (section) > (MAILTMPLEN - 20))) return ""; data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1911:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (section && (strlen (section) > (MAILTMPLEN - 20))) return ""; data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:1966:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (section && (strlen (section) > (MAILTMPLEN - 20))) return ""; data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2032:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen (section) > (MAILTMPLEN - 20)) return ""; data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2107:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  if (section && (strlen (section) > (MAILTMPLEN - 20))) return NIL;
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2367:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (s,t,(size_t) min (length,(long) strlen (t)));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2386:28: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (env && env->subject) strncpy (s,env->subject,(size_t) length);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2540:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (uf = elt->user_flags,s = flags + strlen (flags);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2542:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((MAILTMPLEN - (s - tmp)) > (long) (2 + strlen (f)));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2543:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen (s)) sprintf (s," %s",f);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2688:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (mailbox) >=
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2962:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s && *s && (strlen (s) < (size_t)MAILTMPLEN)) s = ucase (strcpy (tmp,s));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:2990:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (s) < (size_t) 5) return NIL;
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3734:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  h.size = strlen (s); /* yes, get its size */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3832:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prefix && (strlen (prefix) > (MAILTMPLEN - 20))) return NIL;
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3848:18: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  s = prefix ? strcat (sect,".") : "";
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3870:38: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  mail_search_body (stream,msgno,body,strcat (sect,"."),1,flags);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:3999:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = (tadr.mailbox = a->mailbox) ? 4 + 2*strlen (a->mailbox) : 3;
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4000:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tadr.personal = a->personal) != NULL) k += 3 + 2*strlen (a->personal);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4001:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tadr.adl = a->adl) != NULL) k += 3 + 2*strlen (a->adl);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4002:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tadr.host = a->host) != NULL) k += 3 + 2*strlen (a->host);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4008:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((k = strlen (tmp)) + txt.size) > i)
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4237:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((d = strtok_r (c,end,r)) != NULL) n = strlen (d);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4452:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v,strlen (v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4488:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v,strlen (v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4493:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v+1,strlen (v+1));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4522:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v,strlen (v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4527:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v+1,strlen (v+1));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4556:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v,strlen (v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4561:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v+1,strlen (v+1));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4591:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (x,v,strlen (v));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4621:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((src.size = strlen (t)) != 0) { /* have non-empty subject? */
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4634:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (slen = dst.size; s; slen = strlen (s)) {
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:4690:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (s[i = strlen (s) - 1] == ']')) {
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5011:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),":%lu",mail_uid (stream,sc[j]->num));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5281:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (ret = (char *) fs_get (strlen (adr->mailbox) +
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5282:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (adr->host) + 2),"%s@%s",
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5306:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->text.size = strlen (t);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5310:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->next->text.size = strlen (t);
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5551:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((i = (*flag == '(')) ^ (flag[strlen (flag)-1] == ')')) ||
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5552:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (flag) >= MAILTMPLEN)) {
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5557:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (n = tmp,flag+i,(j = strlen (flag) - (2*i)));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5557:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy (n = tmp,flag+i,(j = strlen (flag) - (2*i)));
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5580:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (t) <= MAXUSERFLAG)) {
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5764:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdr->line.size = strlen ((char *) (hdr->line.data =
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:5766:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdr->text.size = strlen ((char *) (hdr->text.data =
data/alpine-2.24+dfsg1/imap/src/c-client/mail.c:6282:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (mb->host) >= NETMAXHOST) {
data/alpine-2.24+dfsg1/imap/src/c-client/misc.c:74:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return string ? strcpy ((char *) fs_get (1 + strlen (string)),string) : NIL;
data/alpine-2.24+dfsg1/imap/src/c-client/netmsg.c:83:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (t); /* size of line */
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:160:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int showuppers = pattern[strlen (pattern) - 1] == '%';
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:167:60: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (s = lcl; (s < (name + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:180:64: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:205:59: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:222:64: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:226:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc (f)) == '\012') nl[1] = c;
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:266:57: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:271:59: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:273:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (f)) == ' ');
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:278:41: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = 0,j = 0; isdigit (c); c = getc (f)) i = i*10 + (c-'0');
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:279:29: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (c == '-') for (c = getc (f); isdigit (c); c = getc (f))
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:279:56: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (c == '-') for (c = getc (f); isdigit (c); c = getc (f))
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:295:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (f); /* get first character of number */
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:307:61: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:355:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (f)) != EOF) {
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:359:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc (f)) == '\012') nl[1] = c;
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:396:57: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (bf)) != EOF) &&
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:409:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (((c = getc (bf)) != EOF) && (c != '\015') && (c != '\012'));
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:411:45: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c == '\015') || (c == '\012')) c = getc (bf);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:414:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (bf); /* get next character */
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:421:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else while (((c = getc (bf)) != EOF) && (c != '\015') && (c != '\012'))
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:426:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (((c = getc (bf)) != EOF) && (c != '\012')) ungetc (c,bf);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:460:57: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:465:59: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:468:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (f)) == ' ');
data/alpine-2.24+dfsg1/imap/src/c-client/newsrc.c:471:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (f);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:338:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int showuppers = pat[strlen (pat) - 1] == '%';
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:425:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:691:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),":%lu",mb.port ? mb.port : nntp_port);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:703:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=\"%s\"",mb.user);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:750:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = tmp + strlen (tmp); /* end of string */
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:777:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",LOCAL->user);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:779:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else sprintf (tmp + strlen (tmp),"}#news.%s",mbx);
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1765:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (mb.host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1789:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (mb.host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1999:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:1999:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2157:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (stream->reply + 4),len))) {
data/alpine-2.24+dfsg1/imap/src/c-client/nntp.c:2229:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stream->reply = (char *) fs_get (20+strlen (text));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:37:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:38:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:40:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:41:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:43:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:44:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:46:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:47:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%c", '-');
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:49:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(rv + strlen(rv), "%x", (unsigned int) (random() % 256));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:83:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = fs_get((strlen(s) + i*(strlen(tenant)-1) + 1)*sizeof(char));
data/alpine-2.24+dfsg1/imap/src/c-client/oauth2_aux.c:83:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = fs_get((strlen(s) + i*(strlen(tenant)-1) + 1)*sizeof(char));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:435:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"/user=\"%s\"}%s",usr,mb.mailbox);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:517:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (s) > 4) && (s[4] == ' ')) s[4] = '\0';
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:528:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (s) > 4) && (s[4] == ' ')) s[4] = '\0';
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:610:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (mb->host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:689:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pwd, app_pwd, MAILTMPLEN);
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:730:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (LOCAL->reply),len))) {
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:756:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = fs_get((strlen(base) + strlen(v) + 1 + 2)*sizeof(char));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:756:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = fs_get((strlen(base) + strlen(v) + 1 + 2)*sizeof(char));
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1079:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1: 0)
data/alpine-2.24+dfsg1/imap/src/c-client/pop3.c:1079:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1: 0)
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:207:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = env->followup_to = (char *) fs_get (1 + strlen (d));
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:232:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = env->newsgroups = (char *) fs_get (1 + strlen (d));
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:379:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 = (char *) rfc822_base64 (s, strlen(s), &k);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:389:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  INIT(&b, mail_string, t, strlen(t));
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:391:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(t), &b, BADHOST, 0, 0);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:443:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen (s1) + 2; /* length of cookie and header */
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:641:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stl->text.size = strlen ((char *) stl->text.data);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1020:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (s) + 2; /* @ plus domain plus delimiter or NUL */
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1100:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1100:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1130:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((*end == '(') && (s = rfc822_skip_comment (&end,LONGT)) && strlen (s))
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1156:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (ret = (char *) fs_get (len + 1),string,len);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1178:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1178:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1228:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return str + strlen (str);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1246:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!st || !*st) return str + strlen (str);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1458:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return rfc822_output_data (buf,string,strlen (string));
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1521:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long i = env->remail ? strlen (env->remail) : 0;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1580:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long pretty = strlen (type);
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:1681:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (src[strlen (src) - 1] == '.')))) {
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2294:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = *header + strlen (*header)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2312:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = *header + strlen (*header)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2331:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2349:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2366:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/rfc822.c:2383:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf.end = (buf.beg = buf.cur = *dst + strlen (*dst)) + SENDBUFLEN - 1;
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:152:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else do if (strlen (*hostlist) < SMTPMAXDOMAIN) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:241:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (mb.host,
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:369:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (stream->reply + 4),len))) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:477:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !((strlen (env->return_path->mailbox) > SMTPMAXLOCALPART) ||
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:478:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (env->return_path->host) > SMTPMAXDOMAIN))) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:480:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"@%s",env->return_path->host);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:485:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (env->return_path->adl) > SMTPMAXPATH)) ||
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:486:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (env->return_path->mailbox) > SMTPMAXLOCALPART) ||
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:487:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (env->return_path->host) > SMTPMAXDOMAIN)))
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:490:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,">");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:497:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," ENVID=%.100s",ESMTP.dsn.envid);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:581:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (adr->mailbox) > MAXLOCALPART) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:585:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((strlen (adr->host) > SMTPMAXDOMAIN)) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:590:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (adr->adl && (strlen (adr->adl) > SMTPMAXPATH)) {
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:600:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"@%s>",adr->host);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:603:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,">");
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:609:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = tmp + strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:614:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*s) s[strlen (s) - 1] = '\0';
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:620:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," ORCPT=%.500s",orcpt);
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:650:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:650:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/alpine-2.24+dfsg1/imap/src/c-client/smtp.c:798:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stream->reply = (char *) fs_get (20+strlen (text));
data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c:379:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (*script && (strlen (script) < 128))
data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c:396:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (*charset && (strlen (charset) < 128))
data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c:419:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, j = sizeof (BADCSS) + sizeof (BADCSE) + strlen (charset) - 2;
data/alpine-2.24+dfsg1/imap/src/c-client/utf8.c:421:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j += strlen (utf8_csvalid[i].name) + 1;
data/alpine-2.24+dfsg1/imap/src/c-client/utf8aux.c:418:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = cpytxt (&utf7,src,strlen (src)); *s; ++s) switch (*s) {
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:186:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getchar ()) != EOF) putc (c,f);
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:198:15: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getchar ()) != EOF) {
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:243:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (mailbox) <= NETMAXMBX) &&
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:443:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type);
data/alpine-2.24+dfsg1/imap/src/dmail/dmail.c:566:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (!strcmp (ucase (strncpy (tmp,string,11)),"[TRYCREATE]")) trycreate = T;
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:437:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (tag) > MAXTAG)
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:468:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (arg && ((i = strlen (arg)) > 3) &&
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:488:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else cls = strlen (cl);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:490:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((bbs = strlen (bb[i])) < cls) &&
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:575:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *msg = (char *) fs_get (strlen (cmd) + strlen (s) + 2);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:575:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *msg = (char *) fs_get (strlen (cmd) + strlen (s) + 2);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:675:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (v) <
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:676:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((size_t) (MAILTMPLEN - ((u += strlen (u)) + 2 - tmp)))) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1050:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tmp,t,i)[i] = '\0';
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1235:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," MESSAGES %lu",stream->nmsgs);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1237:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," RECENT %lu",stream->recent);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1241:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," UNSEEN %lu",unseen);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1244:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," UIDNEXT %lu",stream->uid_last+1);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1246:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1487:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((i = strlen (tmp)) > 3) && (tmp[i - 1] == '}') &&
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:1720:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (alf)) != EOF) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2184:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((i = strlen (t)) > 3) && (t[i - 1] == '}') &&
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2407:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tail = strpbrk ((s = *arg)," )"))) tail = *arg + strlen (*arg);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:2763:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (list && (i = strlen (s)) && (s[i-1] == ')')) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3011:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmp = (char *) fs_get (100 + strlen (ta->section));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3040:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3071:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3141:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (st.size) sprintf (tmp + strlen (tmp),"{%lu}\015\012",st.size);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3170:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned long len = 100 + (ta->section ? strlen (ta->section) : 0);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3187:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tmp,"]"); /* close section specifier */
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3210:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3691:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  st.size = strlen (s);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:3845:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ta->first || ta->last) sprintf (id + strlen (id),"<%lu>",ta->first);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4010:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = litstk[litsp++] = (char *) fs_get (strlen (name) + 9);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4043:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (ref) > NETMAXMBX) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4048:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (pat) > NETMAXMBX) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4055:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pattern += strlen (pattern);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4062:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4086:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen ((char *) (t = initial));
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4202:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (t) < ((size_t) (MAILTMPLEN-((s += strlen (s))+2-tmp))))) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4202:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (t) < ((size_t) (MAILTMPLEN-((s += strlen (s))+2-tmp))))) {
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4273:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((j = strlen (ad->arg)) > 3) && (ad->arg[j - 1] == '}') &&
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4438:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," MESSAGES %lu",status->messages);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4440:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," RECENT %lu",status->recent);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4442:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," UNSEEN %lu",status->unseen);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4444:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp)," UIDNEXT %lu",status->uidnext);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4446:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",status->uidvalidity);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4549:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (s - string) : strlen (string);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4567:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (s - string) : strlen (string);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4648:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (username,*mb->user ? mb->user : (char *) user,NETMAXUSER);
data/alpine-2.24+dfsg1/imap/src/imapd/imapd.c:4723:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (s - string) : strlen (string);
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:289:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (p) >= TMPLEN)) { /* get user name and password */
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:348:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox));
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:401:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen (status); /* update size to reflect status */
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop2d.c:652:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (username,*mb->user ? mb->user : user,NETMAXUSER-1);
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:508:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen (s); /* point to end of string */
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:523:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen (s); /* point to end of string */
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:711:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (char *) rfc822_base64 (t,strlen ((char *) t),rlen ? rlen : &i);
data/alpine-2.24+dfsg1/imap/src/ipopd/ipop3d.c:1019:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (username,*mb->user ? mb->user : user,NETMAXUSER-1);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:338:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((len - (curlen = (t += strlen (t)) - s)) < 20) {
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:347:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = s + strlen (s); /* end of buffer */
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:493:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed = strlen(*sequence ? *sequence : "") + strlen(tmp) + 1;
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:493:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed = strlen(*sequence ? *sequence : "") + strlen(tmp) + 1;
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:500:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcat(*sequence + strlen(*sequence), tmp);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:757:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:757:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:773:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (source->user_flags[i]) len += strlen (source->user_flags[i]) + 1;
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:777:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *flags = (char *) fs_get (1 + len + strlen (tail) + 1);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:792:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  INIT (&st,mail_string,dummymsg,strlen (dummymsg));
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:870:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (MAILTMPLEN - ((t += strlen (t)) - tmp)) > (long) (2 + strlen (t1))){
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:870:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (MAILTMPLEN - ((t += strlen (t)) - tmp)) > (long) (2 + strlen (t1))){
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1042:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1044:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1053:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen (s = getpass (s)) < MAILTMPLEN) *password = cpystr(s);
data/alpine-2.24+dfsg1/imap/src/mailutil/mailutil.c:1063:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:87:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (++file);
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:93:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (dir,argv[2],dlen); /* connect to desired directory */
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:126:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (hitch); /* append local host name */
data/alpine-2.24+dfsg1/imap/src/mlock/mlock.c:171:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (0,tmp,1); /* read continue signal from parent */
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:292:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:295:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:298:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:301:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:304:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:307:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:310:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:398:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (tmp+18,t,(size_t) min (20,(long) strlen (t)));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:400:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp," ");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:402:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,"{");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:405:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (i) strcat (tmp," ");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:409:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"%.25s (%lu chars)",
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:438:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp," ");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:440:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,"{");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:443:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (i) strcat (tmp," ");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:447:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mail_fetchsubject (t = tmp + strlen (tmp),stream,msgno,(long) 25);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:448:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (t += strlen (t)," (%lu chars)",cache->rfc822_size);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:474:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (body->subtype) sprintf (s += strlen (s),"/%s",body->subtype);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:475:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (body->description) sprintf (s += strlen (s)," (%s)",body->description);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:477:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),";%s=%s",par->attribute,par->value);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:479:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (body->id) sprintf (s += strlen (s),", id = %s",body->id);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:483:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s)," (%lu lines)",body->size.lines);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:486:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s)," (%lu bytes)",body->size.bytes);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:607:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(txt[strlen(txt)-1] == '\012')
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:608:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt[strlen(txt)-1] = '\0';
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:609:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(txt[strlen(txt)-1] == '\015')
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:610:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt[strlen(txt)-1] = '\0';
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:712:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curhst = (char *) fs_get (1+strlen (mb->host));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:715:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:716:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:802:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(line[strlen(line)-1] == '\012')
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:803:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line)-1] = '\0';
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:804:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(line[strlen(line)-1] == '\015')
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:805:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line)-1] = '\0';
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:808:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else strcat (text,".");
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:814:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body->contents.text.size = strlen (text);
data/alpine-2.24+dfsg1/imap/src/mtest/mtest.c:816:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msg->date = (char *) fs_get (1+strlen (line));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:169:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (file,test,i = s - test);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:217:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int showuppers = pat[strlen (pat) - 1] == '%';
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:292:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!dir || dir[(len = strlen (dir)) - 1] == '/') while (d = readdir (dp))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:297:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((len + strlen (d->d_name)) <= NETMAXMBX)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:303:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  pmatch_full (strcat (path,"/"),pat,'/') ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:305:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mailboxdir (path,dir,"x") && (len = strlen (path)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:381:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (fd,buf+ssiz,bsiz = min (fsiz,BUFSIZE));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:436:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (!(attributes & LATT_NOSELECT) && (csiz = strlen (contents)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:481:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:489:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/dummy.c:506:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:330:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  date += strlen (date); /* make next sprintf append */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:389:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  switch (mask = umask (022)){/* check old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:394:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* so change it back */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:484:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (s,0,strlen (s)); /* erase sensitive information */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:513:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (user) >= NETMAXUSER) ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:514:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (authuser && (strlen (authuser) >= NETMAXUSER))) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:665:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:673:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:758:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (dir) > NETMAXMBX) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:763:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (name) > NETMAXMBX) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:784:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:875:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (file) > 512) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:908:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:916:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask) /* restore old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:919:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask) /* restore old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:960:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1059:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1076:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1086:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1099:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1102:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/env_ami.c:1113:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/fdstring.c:67:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (d->fd,s->chunk,(size_t) s->cursize);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/fdstring.c:97:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read ((long) s->data,s->curpos,(size_t) s->cursize);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:219:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (fd,hdr,HDRSIZE) == HDRSIZE)
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:237:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (fd,hdr,HDRSIZE) != HDRSIZE)) ret = -1;
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:250:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (s) <= MAXUSERFLAG)
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:259:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((j = read (fd,hdr,64)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:408:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),"%s\015\012",t);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:709:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,s = LOCAL->buf,*length);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:941:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:947:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:957:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  if (r == 1) strcpy (tmp,"1");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1038:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1044:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1046:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1269:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1284:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1303:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1509:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1552:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1593:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1652:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (LOCAL->fd,s,i) == i);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mbx.c:1757:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:204:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((name[0] != '#') && (s = mh_path (tmp)) && (i = strlen (s)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:248:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (fd,(t = (char *) fs_get (sbuf.st_size + 1)),sbuf.st_size);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:361:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (file,test+4,i = s - (test+4));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:426:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = curdir + strlen (curdir);/* end of directory name */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:427:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  np = name + strlen (name); /* end of MH name */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:486:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (tmp,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:512:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (mh_file (tmp,mailbox));
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:853:28: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (mh_file (tmp,MHINBOX),"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1070:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (flags,")"); /* close list */
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1109:31: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (tmp,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1154:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"/%ld",++last);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mh.c:1254:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((*pat == '/') && (pattern[strlen (pattern) - 1] == '/'))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:239:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(errno = ((strlen (name) > NETMAXMBX) ? ENAMETOOLONG : NIL)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:319:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t namelen = strlen (name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:325:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:429:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = file + strlen (file) - (sizeof (MIXMETA) - 1);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:545:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:551:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t srcl = strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:552:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t dstl = strlen (tmp1);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:556:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (names[i]->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:734:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((read (LOCAL->msgfd,LOCAL->buf,j) == j) &&
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:961:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (flags,")");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1399:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdrsize = strlen (local->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1439:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (strcat (tmp," "),t);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1447:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,")");
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1557:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdrsize = strlen (local->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:1788:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*k && (strlen (k) <= MAXUSERFLAG)) {
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2169:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (LOCAL->mfd,s = LOCAL->buf,sbuf.st_size) != sbuf.st_size))
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2205:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2207:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, c = 'K', s = ss = LOCAL->buf + strlen (LOCAL->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2254:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size *= strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2258:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2336:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size *= strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2339:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2530:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
else if ((getc (srtcf) != 'F') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2534:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2535:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2542:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((getc (srtcf) != 'T') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2546:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2547:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2554:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((getc (srtcf) != 'C') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2558:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2559:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2566:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((getc (srtcf) != 'S') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2571:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
(getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2572:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2581:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((getc (srtcf) != 'M') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2586:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2587:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2601:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((getc (srtcf) != 'R') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2605:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\015') || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2606:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (getc (srtcf) != '\012')) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2706:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->from ? strlen (s->from) + 1 : 0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2707:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->to ? strlen (s->to) + 1 : 0,s->cc ? 
strlen (s->cc) + 1 : 0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2707:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2708:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->refwd ? 'R' : ' ',s->subject ? strlen (s->subject) + 1: 0, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mix.c:2709:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->message_id ? strlen (s->message_id) + 1 : 0,j); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:399:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd,tmp,MAILTMPLEN-1) >= 0) ret = ISMMDF (tmp) ? T : NIL; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:487:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rfc822_date (s = tmp + strlen (tmp)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:488:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s), /* write the pseudo-header */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:493:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:494:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:495:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (fd,tmp,strlen (tmp)) > 0) ret = T; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:656:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd,tmp,(i = strlen (tmp))+1); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:740:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:743:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:746:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:749:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:752:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:755:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:769:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:779:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:846:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1091:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1379:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (sf)) != '\n') switch (c) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1391:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (i < (j = strlen (tmp))) fatal ("mmdf_append_msgs overrun"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1736:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:1797:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (stream->user_flags[j],s,k); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2136:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2138:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2139:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2140:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (hdr); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mmdf.c:2302:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:185:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) && data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:515:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,*length); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:686:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:692:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:702:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (r == 1) strcpy (tmp,"1"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:801:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:918:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1123:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1265:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,12) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mtx.c:1344:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s = tmp, data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:179:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (name) <= NETMAXMBX) && *mx_file (tmp,name) && data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:274:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen (name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:280:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:350:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int mask = umask (0); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:371:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (mask); /* restore mask */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:454:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
else if (dummy_create_path (stream,strcat (tmp1,"/"), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:459:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srcl = strlen (tmp); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:460:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dstl = strlen (tmp1); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:494:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (name); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:636:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,LOCAL->buf,elt->rfc822_size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:951:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (strcat (tmp," "),t); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:959:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,")"); /* close list */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1177:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,s = idx = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1193:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (t) <= MAXUSERFLAG)) stream->user_flags[k] = cpystr (t); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1249:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1253:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((s += strlen (s)) - tmp) > MXIXBUFLEN) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/mx.c:1265:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s += strlen (s)) != tmp) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:161:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,t = s = (char *) fs_get (sbuf.st_size+1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:228:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,s = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:232:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = strlen (pattern); /* length of pattern */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/news.c:278:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.')) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:317:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,buf->data = (unsigned char *) fs_get (buf->size + 1),buf->size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/phile.c:457:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen (LOCAL->tmp); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/ssl_none.c:56:11: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = getchar (); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:123:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:125:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostname[(strlen (hostname))-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:260:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:402:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:450:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:472:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tcp_ami.c:721:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[strlen (name) - 1] == ']') return name; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:192:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) && data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:516:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:567:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,*length = i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:572:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s,i); /* slurp the data */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:614:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,i); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:629:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s,i); /* slurp the data */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:775:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:781:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:791:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (r == 1) strcpy (tmp,"1"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:890:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1008:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1235:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1377:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read (LOCAL->fd,LOCAL->buf,12) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tenex.c:1456:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/tz_bsd.c:37:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:250:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd,tmp,MAILTMPLEN-1) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:347:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rfc822_fixed_date (s = tmp + strlen (tmp)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:349:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:354:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:355:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:356:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (fd,tmp,strlen (tmp)) > 0) ret = T; data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:517:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd,tmp,(i = strlen (tmp))+1); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:601:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:604:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:607:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:610:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:613:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:616:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines->text.size = strlen ((char *) (lines->text.data = data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:630:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:640:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1), data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:707:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:956:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1242:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (sf)) != '\n') switch (c) { data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1254:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun"); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1572:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1633:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (stream->user_flags[j],s,k); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1973:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i) data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1975:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1976:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:1977:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (hdr); /* return header length */ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2139:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.c:2611:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (sfd,s = (char *) fs_get (size + 1),size); data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:96:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(realtime,"\n"); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:97:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&x[start],realtime,strlen(realtime)); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:97:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(&x[start],realtime,strlen(realtime)); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:126:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(realtime,"\n"); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:127:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&x[start],realtime,strlen(realtime)); \ data/alpine-2.24+dfsg1/imap/src/osdep/amiga/unix.h:127:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(&x[start],realtime,strlen(realtime)); \ data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:176:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read (fd,tmp,MAILTMPLEN-1) >= 0) data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:410:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,(size_t) *length); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:539:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,tmp,(unsigned int) k); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:770:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db = datemsg + strlen (strcpy (datemsg,"Unparsable date: ")); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:776:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,tmp,j = (int) min (i,(long) MAILTMPLEN)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:833:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen (s); /* length of unread data in buffer */ data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:838:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = tmp,j = (int) min (i,(long) MAILTMPLEN)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/bezrkdos.c:882:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s = tmp, data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:167:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (file,test,(size_t) (i = s - test)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:206:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int showuppers = pat[strlen (pat) - 1] == '%'; data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:264:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*." : "\\*."); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:272:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmpx[strlen (tmpx) - 1] == '\\') do if (*f.name != '.') { data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:275:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (dir) sprintf (tmpx + strlen (tmpx),"%s%s",dir,f.name); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:288:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,"\\"); /* set up for dmatch call */ data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:291:26: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
else if (pmatch_full (strcat (tmp,"\\"),pat,'\\')) data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:327:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) || data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:334:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/dummydos.c:382:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,path,(size_t) (s - path)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:135:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date += strlen (date); /* make next sprintf append */ data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:142:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (date + strlen (date)," (%.50s)", data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:177:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (myHomeDir = cpystr ((s = getenv ("HOME")) ? s : "")); data/alpine-2.24+dfsg1/imap/src/osdep/dos/env_dos.c:202:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (ext) sprintf (dst + strlen (dst),".%s",ext); data/alpine-2.24+dfsg1/imap/src/osdep/dos/fdstring.c:67:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (d->fd,s->chunk,(size_t) s->cursize); data/alpine-2.24+dfsg1/imap/src/osdep/dos/fdstring.c:97:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read ((long) s->data,s->curpos,(size_t) s->cursize); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:172:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) && data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:361:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,(size_t) *length); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:482:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,tmp,(size_t) m); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:560:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,tmp,(size_t) j); data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:731:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,lbuf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/dos/mtxdos.c:849:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s = tmp, data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dbw.c:49:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
#define read soread data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dnv.c:50:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read soread data/alpine-2.24+dfsg1/imap/src/osdep/dos/os_dpc.c:76:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,"]"); data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:80:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:82:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen (tmp)-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:284:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = read (stream->tcps,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dos.c:301:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_dwa.c:64:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (host[0] == '[' && host[strlen (host)-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:129:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:131:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen (tmp)-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:372:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:427:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:453:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/dos/tcp_wsk.c:724:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[strlen (name) - 1] == ']') return name; data/alpine-2.24+dfsg1/imap/src/osdep/mac/env_mac.c:100:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (date += strlen (date),"%+03ld%02ld",tz/60,tzm >= 0 ? 
tzm : -tzm); data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:108:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[strlen (host)-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:224:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream->host[strlen (stream->host) - 1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:403:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/mac/tcp_mac.c:528:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[i = (strlen (name))-1] == ']') data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:165:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (file,test,(size_t) (i = s - test)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:205:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int showuppers = pat[strlen (pat) - 1] == '%'; data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:260:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? 
"*.*" : "\\*.*"); data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:267:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!dir || dir[(len = strlen (dir)) - 1] == '\\') do data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:270:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((len + strlen (f.name)) <= NETMAXMBX)) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:276:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. pmatch_full (strcat (tmp,"\\"),pat,'\\') || data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:287:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,"\\");/* set up for dmatch call */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:290:28: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. else if (pmatch_full (strcat (tmp,"\\"),pat,'\\') && data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:329:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? 
"*.*" : "\\*.*") && data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:340:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:348:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/dummynt.c:399:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,path,(size_t) (s - path)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:193:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date += strlen (date); /* make next sprintf append */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:205:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (date + strlen (date)," (%.50s)",tz); data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:378:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (user) >= MAILTMPLEN) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:379:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(authuser && (strlen (authuser) >= MAILTMPLEN))) data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:406:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset (s,0,strlen (s));/* erase sensitive information */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:494:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MultiByteToWideChar (CP_ACP,0,user,strlen (user) + 1, data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:500:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((*(s = tmp + strlen (tmp) - 1) == '\\') || (*s == '/')) *s = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:504:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,s,t-s); /* copy up to user name */ data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:550:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((*(p = path + strlen (path) -1) == '\\') || (*p == '/')) *p = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:620:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (dir) > NETMAXMBX) return NIL; data/alpine-2.24+dfsg1/imap/src/osdep/nt/env_nt.c:625:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (name) > NETMAXMBX) return NIL; data/alpine-2.24+dfsg1/imap/src/osdep/nt/fdstring.c:67:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (d->fd,s->chunk,(size_t) s->cursize); data/alpine-2.24+dfsg1/imap/src/osdep/nt/fdstring.c:97:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read ((long) s->data,s->curpos,(size_t) s->cursize); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip4_nt.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (name) < MAILTMPLEN) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:129:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text && (strlen (text) < MAILTMPLEN) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/ip6_nt.c:247:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (name) < MAILTMPLEN) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/kerb_w2k.c:416:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_string->length = strlen (status_string->value = cpystr (s)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:213:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (((((j = read (fd,hdr,HDRSIZE)) == HDRSIZE) && (hdr[0] == '*')) || data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:216:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
(read (fd,hdr+1,HDRSIZE-1) == (HDRSIZE-1)) && (hdr[0] = '*'))) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:232:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (fd,hdr+1,HDRSIZE-1) != (HDRSIZE-1))) ret = -1; data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:245:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (s) <= MAXUSERFLAG) data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:254:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((j = read (fd,hdr,64)) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:397:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"%s\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:658:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = LOCAL->buf,*length); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:914:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012", data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:920:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:922:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1136:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,HDRSIZE); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1151:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG)) data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1160:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1366:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,14) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1407:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1447:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,14) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1506:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s,i) == i); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mbxnt.c:1601:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:186:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:487:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,*length); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:676:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:790:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:982:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1124:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,12) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/mtxnt.c:1206:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s = tmp, data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:161:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx", data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:166:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
RAND_seed (tmp,strlen (tmp)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:421:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (scc && (s = (*scc) ()) && (sl = strlen(s))) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:429:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((t = (sck ? (*sck) () : s)) && (tl = strlen(t))) { data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_libressl.c:777:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ssl_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_none.c:56:11: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = getchar (); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_w2k.c:560:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ssl_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/ssl_win.c:722:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ssl_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/sslstdio.c:36:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ret = getchar (); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:143:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:145:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen (tmp)-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:407:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:478:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:535:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tcp_nt.c:859:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[strlen (name) - 1] == ']') return cpystr(name); data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:194:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) && data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:487:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:520:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:525:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:567:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,i) != (long) i) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:582:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:746:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:861:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1073:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1216:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/tenexnt.c:1298:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:210:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) <= 0) errno = -1;
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:317:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:318:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:322:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:546:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:549:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:552:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:555:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:558:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:561:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:575:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:580:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:642:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:877:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1180:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1192:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1524:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1585:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1910:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1912:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1913:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:1914:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = pseudo_msg,t += strlen (t); *s; *t++ = *s++)
data/alpine-2.24+dfsg1/imap/src/osdep/nt/unixnt.c:2058:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:172:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (file,test,(size_t) (i = s - test));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:212:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:267:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:274:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[strlen (dir) -1] == '\\') do {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:277:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (f.name) <= NETMAXMBX)) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:283:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
pmatch_full (strcat (tmp,"\\"),pat,'\\') ||
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:294:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat (tmp,"\\");/* set up for dmatch call */
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:297:28: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
else if (pmatch_full (strcat (tmp,"\\"),pat,'\\') &&
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:335:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) ||
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:343:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/dummyos2.c:394:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (tmp,path,(size_t) (s - path));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:110:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:122:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (date + strlen (date)," (%.50s)",tz);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/env_os2.c:195:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:212:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (((((j = read (fd,hdr,HDRSIZE)) == HDRSIZE) && (hdr[0] == '*')) ||
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:215:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) == (HDRSIZE-1)) && (hdr[0] = '*'))) &&
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:231:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) != (HDRSIZE-1))) ret = -1;
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:244:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) <= MAXUSERFLAG)
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:253:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((j = read (fd,hdr,64)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:396:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:657:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,*length);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:913:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:919:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:921:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1135:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1150:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1159:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1365:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1406:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1446:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1505:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(read (LOCAL->fd,s,i) == i);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mbxnt.c:1600:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:185:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:486:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:675:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:789:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:981:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1123:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/mtxnt.c:1205:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:80:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:82:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:284:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while (((i = read (stream->tcps,stream->ibuf,BUFLEN)) < 0) &&
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tcp_os2.c:301:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:193:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) &&
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:486:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:519:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:524:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:566:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,i) != (long) i) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:581:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:745:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:860:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1072:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1215:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/tenexnt.c:1297:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:209:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) <= 0) errno = -1;
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:316:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:317:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:321:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:545:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:548:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:551:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:554:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:557:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:560:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:574:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:579:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:641:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:876:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1179:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1191:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1523:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1584:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1909:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1911:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1912:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:1913:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = pseudo_msg,t += strlen (t); *s; *t++ = *s++)
data/alpine-2.24+dfsg1/imap/src/osdep/os2/unixnt.c:2057:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:66:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[strlen (host)-1] == ']') {
data/alpine-2.24+dfsg1/imap/src/osdep/tops-20/tcp_t20.c:337:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']')
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ckp_os4.c:69:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (host,host+1,i = strlen (host + 2));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:46:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:49:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (hitch); /* append local host name */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_nfs.c:77:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
umask (mask); /* restore previous mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_std.c:37:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/crx_std.c:43:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
umask (mask); /* restore previous mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:170:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (file,test,i = s - test);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:218:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:293:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[(len = strlen (dir)) - 1] == '/') while ((d = readdir (dp)) != NULL)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:298:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
((len + strlen (d->d_name)) <= NETMAXMBX)) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:304:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
pmatch_full (strcat (path,"/"),pat,'/') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:306:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailboxdir (path,dir,"x") && (len = strlen (path)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:382:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (fsiz,BUFSIZE));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:437:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!(attributes & LATT_NOSELECT) && (csiz = strlen (contents)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:482:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:490:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
umask (mask); /* restore mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/dummy.c:507:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
umask (mask); /* restore mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:545:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:604:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
switch (mask = umask (022)){/* check old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:609:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* so change it back */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:702:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (s,0,strlen (s)); /* erase sensitive information */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:731:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (user) >= NETMAXUSER) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:732:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (authuser && (strlen (authuser) >= NETMAXUSER))) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:867:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sysInbox = (char *) fs_get (strlen (home) + 7);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:935:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:943:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1033:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (dir) > NETMAXMBX) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1038:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (name) > NETMAXMBX) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1059:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1103:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i = strlen (mymailboxdir ());
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1176:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (file) > 512) return NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1210:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mask = umask (0); /* want our lock protection */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1218:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1221:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old umask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1268:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1370:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  int mask = umask (0);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1387:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1402:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1415:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1418:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1428:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask); /* restore old mask */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/env_unix.c:1602:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; k && i < NUSERFLAGS; ++i) if (strlen (k) <= MAXUSERFLAG) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/fdstring.c:67:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (d->fd,s->chunk,(size_t) s->cursize);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/fdstring.c:97:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read ((long) s->data,s->curpos,(size_t) s->cursize);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:394:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fprintf (po,"+%lu %s%lu %s%lu ",strlen (s),s,strlen (t),t,i) < 0)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:394:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fprintf (po,"+%lu %s%lu %s%lu ",strlen (s),s,strlen (t),t,i) < 0)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:770:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (c = getc (slavein)) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:829:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (t = s; n && ((c = getc (slavein)) != EOF); *t++ = c,--n);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:861:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (c = getc (slavein)) { /* what did master say? */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:863:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:871:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/flocksim.c:879:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip4_unix.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (name) < MAILTMPLEN) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:129:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (text && (strlen (text) < MAILTMPLEN) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/ip6_unix.c:247:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (name) < MAILTMPLEN) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/log_os4.c:47:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (host,host+1,i = strlen (host + 2));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:220:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (fd,hdr,HDRSIZE) == HDRSIZE)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:238:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (fd,hdr,HDRSIZE) != HDRSIZE)) ret = -1;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:251:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (s) <= MAXUSERFLAG)
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:260:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((j = read (fd,hdr,64)) >= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:409:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),"%s\015\012",t);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:710:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,s = LOCAL->buf,*length);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:942:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:948:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:958:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  if (r == 1) strcpy (tmp,"1");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1039:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1045:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) != 0L) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1047:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,j);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1270:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1285:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1304:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1510:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1553:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1594:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1653:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (LOCAL->fd,s,i) == i);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mbx.c:1758:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,m);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:205:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((name[0] != '#') && (s = mh_path (tmp)) && (i = strlen (s)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:249:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (fd,(t = (char *) fs_get (sbuf.st_size + 1)),sbuf.st_size);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:362:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (file,test+4,i = s - (test+4));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:427:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = curdir + strlen (curdir);/* end of directory name */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:428:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  np = name + strlen (name); /* end of MH name */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:487:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (tmp,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:513:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (mh_file (tmp,mailbox));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:854:28: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (mh_file (tmp,MHINBOX),"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1071:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (flags,")"); /* close list */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1110:31: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  dummy_create_path (stream,strcat (tmp,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1155:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (tmp + strlen (tmp),"/%ld",++last);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mh.c:1255:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((*pat == '/') && (pattern[strlen (pattern) - 1] == '/'))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:240:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(errno = ((strlen (name) > NETMAXMBX) ? ENAMETOOLONG : NIL)) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:320:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t namelen = strlen (name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:326:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:430:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = file + strlen (file) - (sizeof (MIXMETA) - 1);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:546:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:552:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t srcl = strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:553:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t dstl = strlen (tmp1);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:557:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (names[i]->d_name);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:735:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((read (LOCAL->msgfd,LOCAL->buf,j) == j) &&
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:962:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (flags,")");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1400:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdrsize = strlen (local->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1440:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (strcat (tmp," "),t);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1448:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tmp,")");
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1558:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdrsize = strlen (local->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:1789:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*k && (strlen (k) <= MAXUSERFLAG)) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2170:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read (LOCAL->mfd,s = LOCAL->buf,sbuf.st_size) != sbuf.st_size))
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2206:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2208:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, c = 'K', s = ss = LOCAL->buf + strlen (LOCAL->buf);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2255:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size *= strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2259:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2337:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size *= strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2340:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen (tmp);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2531:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((getc (srtcf) != 'F') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2535:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2536:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2543:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((getc (srtcf) != 'T') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2547:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2548:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2555:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((getc (srtcf) != 'C') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2559:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2560:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2567:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((getc (srtcf) != 'S') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2572:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2573:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2582:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((getc (srtcf) != 'M') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2587:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2588:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2602:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((getc (srtcf) != 'R') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2606:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\015') ||
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2607:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (getc (srtcf) != '\012')) {
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2707:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->from ? strlen (s->from) + 1 : 0,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2708:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2708:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2709:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->refwd ? 'R' : ' ',s->subject ? strlen (s->subject) + 1: 0,
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mix.c:2710:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->message_id ? strlen (s->message_id) + 1 : 0,j);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:400:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (fd,tmp,MAILTMPLEN-1) >= 0) ret = ISMMDF (tmp) ? T : NIL;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:488:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rfc822_date (s = tmp + strlen (tmp));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:489:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s), /* write the pseudo-header */
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:494:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s)," %s",default_user_flag (i));
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:495:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:496:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write (fd,tmp,strlen (tmp)) > 0) ret = T;
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:658:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (fd,tmp,(i = strlen (tmp))+1);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:742:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:745:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:748:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:751:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:754:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:757:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lines->text.size = strlen ((char *) (lines->text.data =
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:771:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:781:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:848:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1093:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1381:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (sf)) != '\n') switch (c) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1393:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i < (j = strlen (tmp))) fatal ("mmdf_append_msgs overrun"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1738:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:1799:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (stream->user_flags[j],s,k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2138:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i) data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2140:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2141:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2142:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (hdr); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mmdf.c:2304:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:186:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:517:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,*length); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:688:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:694:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:704:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (r == 1) strcpy (tmp,"1"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:803:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:920:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1125:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1267:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,12) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mtx.c:1346:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (read (LOCAL->fd,s = tmp, data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:180:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen (name) <= NETMAXMBX) && *mx_file (tmp,name) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:275:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen (name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:281:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:351:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int mask = umask (0); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:372:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (mask); /* restore mask */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:455:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. else if (dummy_create_path (stream,strcat (tmp1,"/"), data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:460:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srcl = strlen (tmp); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:461:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t dstl = strlen (tmp1); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:495:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:637:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,LOCAL->buf,elt->rfc822_size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:952:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (strcat (tmp," "),t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:960:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (tmp,")"); /* close list */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1178:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = idx = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1194:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (t) <= MAXUSERFLAG)) stream->user_flags[k] = cpystr (t); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1250:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1254:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((s += strlen (s)) - tmp) > MXIXBUFLEN) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/mx.c:1266:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s += strlen (s)) != tmp) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:162:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,t = s = (char *) fs_get (sbuf.st_size+1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:229:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,s = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:233:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (pattern); /* length of pattern */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/news.c:279:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.')) data/alpine-2.24+dfsg1/imap/src/osdep/unix/opendir.c:44:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (fd,d->dd_buf = (char *) fs_get (sbuf.st_size), data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_nto.c:73:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/os_qnx.c:74:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:318:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd,buf->data = (unsigned char *) fs_get (buf->size + 1),buf->size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/phile.c:458:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen (LOCAL->tmp); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_none.c:56:11: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = getchar (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:170:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx", data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:175:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
RAND_seed (tmp,strlen (tmp)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:430:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (scc && (s = (*scc) ()) && (sl = strlen (s))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:438:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((t = (sck ? (*sck) () : s)) && (tl = strlen (t))) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/ssl_unix.c:800:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ssl_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/sslstdio.c:36:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = getchar (); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:176:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:178:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[(strlen (tmp))-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:315:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:370:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mb->host[0] == '[' && mb->host[i = (strlen (mb->host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:587:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0) data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:647:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (i > 0) while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:680:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tcp_unix.c:968:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[strlen (name) - 1] == ']') return cpystr(name); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:193:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) && data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:520:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:571:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,*length = i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:576:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s,i); /* slurp the data */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:618:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,i); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:633:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s,i); /* slurp the data */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:779:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (LOCAL->buf + strlen (LOCAL->buf), data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:785:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) || data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:795:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (r == 1) strcpy (tmp,"1"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:894:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,LOCAL->buf,m); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1012:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,j); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1239:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1381:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (LOCAL->fd,LOCAL->buf,12) < 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/tenex.c:1460:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tz_bsd.c:37:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone); data/alpine-2.24+dfsg1/imap/src/osdep/unix/tz_sv4.c:37:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s + strlen (s)," (%.50s)", data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:251:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd,tmp,MAILTMPLEN-1) >= 0) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:348:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
rfc822_fixed_date (s = tmp + strlen (tmp)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:350:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s), data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:355:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",default_user_flag (i)); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:356:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:357:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (fd,tmp,strlen (tmp)) > 0) ret = T; data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:519:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd,tmp,(i = strlen (tmp))+1); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:619:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:629:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1), data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:696:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:945:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1231:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (sf)) != '\n') switch (c) { data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1243:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun"); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1561:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1622:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (stream->user_flags[j],s,k); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1962:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i) data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1964:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s)," %s",stream->user_flags[i]); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1965:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:1966:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (hdr); /* return header length */ data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2128:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size); data/alpine-2.24+dfsg1/imap/src/osdep/unix/unix.c:2600:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (sfd,s = (char *) fs_get (size + 1),size); data/alpine-2.24+dfsg1/imap/src/osdep/vms/env_vms.c:90:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date += strlen (date); /* make next sprintf append */ data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:73:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
HostDesc.dsc$w_length = strlen (host); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:239:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:253:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). struct dsc$descriptor_s BufDesc = {strlen(string),DSC$K_DTYPE_T, data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsl.c:348:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp,LocalhostDesc.dsc$a_pointer,LocalhostDesc.dsc$w_length); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:95:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:97:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostname[(strlen (hostname))-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:319:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/vms/tcp_vmsm.c:461:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (name[0] == '[' && name[strlen (name) - 1] == ']') data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:138:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date += strlen (date); /* make next sprintf append */ data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:147:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tz && tz[0]) sprintf (date + strlen (date)," (%s)",tz); data/alpine-2.24+dfsg1/imap/src/osdep/wce/env_wce.c:212:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!((s = getenv ("HOMEPATH")) && (i = strlen (s)))) return NIL; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:129:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') { data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:131:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen (tmp)-1] = '\0'; data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:372:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:427:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
else while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) && data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:453:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tcp_sout (stream,string,(unsigned long) strlen (string)); data/alpine-2.24+dfsg1/imap/src/osdep/wce/tcp_wce.c:724:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[0] == '[' && name[strlen (name) - 1] == ']') return name; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:225:19: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getchar ()) != EOF) putc (c,f); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:237:19: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getchar ()) != EOF) { data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:289:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mailbox && (strlen (mailbox) > 256)) data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:545:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (tmp + strlen (tmp),"uid mismatch (%ld != %ld)", data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:562:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type); data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:607:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*t) > NETMAXMBX) return NIL; data/alpine-2.24+dfsg1/imap/src/tmail/tmail.c:706:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (!strcmp (ucase (strncpy (tmp,string,11)),"[TRYCREATE]")) trycreate = T; data/alpine-2.24+dfsg1/include/system.h:62:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t strlen (const char *); data/alpine-2.24+dfsg1/mapi/instmapi.c:83:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp("-silent", pp, strlen("-silent")) == 0) data/alpine-2.24+dfsg1/mapi/instmapi.c:94:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(filename, "%s%s", dir, dir[strlen(dir)-1] == '\\' ? data/alpine-2.24+dfsg1/mapi/instmapi.c:152:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp = buffer + strlen(buffer) - strlen(" -url news:%1"); data/alpine-2.24+dfsg1/mapi/instmapi.c:152:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  tp = buffer + strlen(buffer) - strlen(" -url news:%1");
data/alpine-2.24+dfsg1/mapi/instmapi.c:156:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  RegSetValueEx(hKey, "", 0, dtype, buffer, strlen(buffer));
data/alpine-2.24+dfsg1/mapi/instmapi.c:165:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename, strlen(filename) + 1) != ERROR_SUCCESS){
data/alpine-2.24+dfsg1/mapi/instmapi.c:198:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(mapifile, "%s%s", dir, dir[strlen(dir)-1] == '\\' ?
data/alpine-2.24+dfsg1/mapi/instmapi.c:212:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buffer, "%s%s", dir, dir[strlen(dir)-1] == '\\' ?
data/alpine-2.24+dfsg1/mapi/instmapi.c:230:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buffer2, "%s%s", dir, dir[strlen(dir)-1] == '\\' ?
data/alpine-2.24+dfsg1/mapi/instmapi.c:296:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufflen = strlen(buffer)+1;
data/alpine-2.24+dfsg1/mapi/pmapi.c:242:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(dir);
data/alpine-2.24+dfsg1/mapi/pmapi.c:535:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tpwc->user, nmg->cs->dlge.edit1, EDITLEN - 1);
data/alpine-2.24+dfsg1/mapi/pmapi.c:536:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tpwc->pwd, nmg->cs->dlge.edit2, EDITLEN - 1);
data/alpine-2.24+dfsg1/mapi/pmapi.c:537:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tpwc->host, mb->host, EDITLEN - 1);
data/alpine-2.24+dfsg1/mapi/pmapi.c:886:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tfcc = (char *)fs_get((strlen(col) + strlen(fcc) + 1) * sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:886:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tfcc = (char *)fs_get((strlen(col) + strlen(fcc) + 1) * sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:979:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dir[strlen(dir)-1] == '\\' ? "" : "\\", i);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1058:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  varlen = strlen(nmg->prcvars[i]->var);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1086:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  varlen = strlen(line+j);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1116:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  varlen = strlen(line+j);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1123:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nmg->prcvars[i]->val.p, line+j, varlen);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1213:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = (char *)fs_get(sizeof(char)*(strlen(*valstrp)
data/alpine-2.24+dfsg1/mapi/pmapi.c:1214:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(p3 ? p3 : "") + strlen(p2+1) + 1));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1214:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(p3 ? p3 : "") + strlen(p2+1) + 1));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1442:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(msgid);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1550:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!(tf = (char *)fs_get(sizeof(char)*(strlen(dir) + strlen("pine.pwd") + 1)))){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1550:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!(tf = (char *)fs_get(sizeof(char)*(strlen(dir) + strlen("pine.pwd") + 1)))){
data/alpine-2.24+dfsg1/mapi/pmapi.c:1689:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(path[strlen(path-1)] != '\\')
data/alpine-2.24+dfsg1/mapi/pmapi.c:1690:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(path, "\\");
data/alpine-2.24+dfsg1/mapi/pmapi.c:1697:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(path[strlen(path-1)] != '\\')
data/alpine-2.24+dfsg1/mapi/pmapi.c:1698:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(path, "\\");
data/alpine-2.24+dfsg1/mapi/pmapi.c:1713:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ms_global->debugFile = (char *)fs_get((1+strlen(path))*sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1775:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ms_global->pineExe = (char *)fs_get(sizeof(char)*(pineKeyDataSize+strlen(pineExe)));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1777:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ms_global->pineExe, pineKeyData, pineKeyDataSize);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1793:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ms_global->pineExe = (char *)fs_get((1+strlen(defPath))*sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1805:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ms_global->pineExeAlt = (char *)fs_get((strlen(strrchr(defPath, '\\')+1)+1)*sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1834:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ms_global->pineExe)+1));
data/alpine-2.24+dfsg1/mapi/pmapi.c:1839:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ms_global->attachDir, pineKeyData, pineKeyDataSize);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1848:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ms_global->pinerc, pineKeyData, pineKeyDataSize);
data/alpine-2.24+dfsg1/mapi/pmapi.c:1877:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ms_global->attachDir = (char *)fs_get((strlen(defAttachDir)+1)*sizeof(char)))
data/alpine-2.24+dfsg1/mapi/pmapi.c:1887:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ms_global->pinerc = (char *)fs_get((strlen(penv)+1)*sizeof(char)))
data/alpine-2.24+dfsg1/mapi/pmapi.c:1895:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ms_global->pineconf = (char *)fs_get((strlen(penv)+1)*sizeof(char)))
data/alpine-2.24+dfsg1/mapi/pmapi.c:2030:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(srcFile);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2043:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstName = (char *)fs_get(sizeof(char)*(strlen(srcFile) + 5 +
data/alpine-2.24+dfsg1/mapi/pmapi.c:2044:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max(strlen(dstDir), strlen(PINERC_FILE))));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2044:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max(strlen(dstDir), strlen(PINERC_FILE))));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2048:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(srcFile)+5+max(strlen(dstDir),strlen(PINERC_FILE)));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2048:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(srcFile)+5+max(strlen(dstDir),strlen(PINERC_FILE)));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2048:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(srcFile)+5+max(strlen(dstDir),strlen(PINERC_FILE)));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2069:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstDir[strlen(dstDir)-1] == '\\' ? "" : "\\",
data/alpine-2.24+dfsg1/mapi/pmapi.c:2081:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(dstName+i-strlen(srcExt), "%03d%s", cnt, srcExt);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2094:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstDir[strlen(dstDir)-1] == '\\' ? "" : "\\",
data/alpine-2.24+dfsg1/mapi/pmapi.c:2110:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(sfd);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2113:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(sfd);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2145:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(files);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2235:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url_len += strlen(*keyvalp);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2242:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(url, "&");
data/alpine-2.24+dfsg1/mapi/pmapi.c:2296:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *)fs_get(sizeof(char) * (strlen(key) + (3*strlen(val)) + 2));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2296:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *)fs_get(sizeof(char) * (strlen(key) + (3*strlen(val)) + 2));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2298:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = ret + strlen(key);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2507:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(sfd);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2514:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(sfd);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2636:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body->contents.text.size = strlen(txt);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2712:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int newSize = strlen(old)*2+3;
data/alpine-2.24+dfsg1/mapi/pmapi.c:2775:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? (void *)strlen(lpm->lpszNoteText) : (void *)0);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2840:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = fs_get((strlen(old)+1) * sizeof(char));
data/alpine-2.24+dfsg1/mapi/pmapi.c:2855:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += 2 * (a->personal ? strlen(a->personal) : 0);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2856:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += (a->mailbox ? strlen(a->mailbox) : 0);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2857:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += (a->adl ? strlen(a->adl) : 0);
data/alpine-2.24+dfsg1/mapi/pmapi.c:2858:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += (a->host ? strlen(a->host) : 0);
data/alpine-2.24+dfsg1/mapi/rfc1522.c:32:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (2 * RFC1522_DLIM_L) + strlen(S) + 1);
data/alpine-2.24+dfsg1/mapi/rfc1522.c:80:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(p = known_escapes; *p && strncmp(esc_seq, *p, n = strlen(*p)); p++)
data/alpine-2.24+dfsg1/mapi/rfc1522.c:152:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? !strncmp((char *)s + 1, end_str + 1, strlen(end_str + 1))
data/alpine-2.24+dfsg1/mapi/rfc1522.c:467:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, string, token - string);
data/alpine-2.24+dfsg1/mapi/rfc1522.c:489:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *value = p = (char *)fs_get((strlen(token) + 1) * sizeof(char));
data/alpine-2.24+dfsg1/mapi/rfc1522.c:547:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = string + strlen(string) - 1;
data/alpine-2.24+dfsg1/mapi/smapi.c:569:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tadrstr[0] == '(' && tadrstr[strlen(tadrstr) - 1] == ')'){
data/alpine-2.24+dfsg1/mapi/smapi.c:570:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tadrstr[strlen(tadrstr)-1] = '\0';
data/alpine-2.24+dfsg1/mapi/smapi.c:600:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  adrstr = (char *)fs_get((8 + strlen(adrlist->mailbox) + strlen(adrlist->host)) * sizeof(char));
data/alpine-2.24+dfsg1/mapi/smapi.c:600:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  adrstr = (char *)fs_get((8 + strlen(adrlist->mailbox) + strlen(adrlist->host)) * sizeof(char));
data/alpine-2.24+dfsg1/openssl/include/openssl/bio.h:818:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read) (BIO *, char *, int));
data/alpine-2.24+dfsg1/openssl/include/openssl/crypto.h:118:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
data/alpine-2.24+dfsg1/pico/attach.c:144:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bfn, S_FILESEP, sizeof(bfn));
data/alpine-2.24+dfsg1/pico/attach.c:155:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bfn, fn, dirlen);
data/alpine-2.24+dfsg1/pico/attach.c:162:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bfn, fn, dirlen);
data/alpine-2.24+dfsg1/pico/attach.c:177:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bfn, (gmode & MDCURDIR)
data/alpine-2.24+dfsg1/pico/attach.c:200:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fn, (gmode & MDCURDIR)
data/alpine-2.24+dfsg1/pico/attach.c:214:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (upload && (strlen(fn)+strlen(S_FILESEP)+strlen(bfn)) < sizeof(fn)){
data/alpine-2.24+dfsg1/pico/attach.c:214:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (upload && (strlen(fn)+strlen(S_FILESEP)+strlen(bfn)) < sizeof(fn)){
data/alpine-2.24+dfsg1/pico/attach.c:214:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (upload && (strlen(fn)+strlen(S_FILESEP)+strlen(bfn)) < sizeof(fn)){
data/alpine-2.24+dfsg1/pico/attach.c:217:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(bfn);
data/alpine-2.24+dfsg1/pico/attach.c:218:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen(fn);
data/alpine-2.24+dfsg1/pico/attach.c:226:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->fname, bfn, len1);
data/alpine-2.24+dfsg1/pico/attach.c:228:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->dir, fn, len2);
data/alpine-2.24+dfsg1/pico/attach.c:230:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->size, sz, sizeof(new->size)-1);
data/alpine-2.24+dfsg1/pico/attach.c:235:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(fn, S_FILESEP, sizeof(fn)-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:235:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fn, S_FILESEP, sizeof(fn)-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:237:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(fn, bfn, sizeof(fn)-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:237:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fn, bfn, sizeof(fn)-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:309:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(*fn == '\"' && fn[strlen(fn)-1] == '\"'){
data/alpine-2.24+dfsg1/pico/attach.c:343:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(fn);
data/alpine-2.24+dfsg1/pico/attach.c:351:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->fname, fn, len);
data/alpine-2.24+dfsg1/pico/attach.c:353:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->size, prettysz(attsz), sizeof(new->size));
data/alpine-2.24+dfsg1/pico/attach.c:391:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, prettysz((off_t)l), szlen);
data/alpine-2.24+dfsg1/pico/attach.c:536:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(file)) > strlen(tp->filename)){
data/alpine-2.24+dfsg1/pico/attach.c:536:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(file)) > strlen(tp->filename)){
data/alpine-2.24+dfsg1/pico/attach.c:545:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->filename, file, j);
data/alpine-2.24+dfsg1/pico/attach.c:550:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(size)) > strlen(tp->size)){
data/alpine-2.24+dfsg1/pico/attach.c:550:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(size)) > strlen(tp->size)){
data/alpine-2.24+dfsg1/pico/attach.c:559:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->size, size, j);
data/alpine-2.24+dfsg1/pico/attach.c:565:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(comment)) > strlen(tp->description)){
data/alpine-2.24+dfsg1/pico/attach.c:565:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((j=strlen(comment)) > strlen(tp->description)){
data/alpine-2.24+dfsg1/pico/attach.c:574:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->description, comment, j);
data/alpine-2.24+dfsg1/pico/attach.c:808:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *off += strlen(number) - (p-tmp);
data/alpine-2.24+dfsg1/pico/attach.c:875:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(utf8) > fnlen)
data/alpine-2.24+dfsg1/pico/attach.c:878:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fn, utf8, fnlen); /* store file name */
data/alpine-2.24+dfsg1/pico/attach.c:982:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(fn, "]", fnlen-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:982:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fn, "]", fnlen-strlen(fn)-1);
data/alpine-2.24+dfsg1/pico/attach.c:1029:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, (lblsz) ? lblsz : prettysz(attsz), szlen);
data/alpine-2.24+dfsg1/pico/attach.c:1072:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, (lblsz) ? lblsz : prettysz(attsz), szlen);
data/alpine-2.24+dfsg1/pico/attach.c:1111:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, utf8, szlen);
data/alpine-2.24+dfsg1/pico/attach.c:1117:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, (lblsz) ? lblsz : prettysz(attsz), szlen);
data/alpine-2.24+dfsg1/pico/attach.c:1189:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(utf8) > cmntlen)
data/alpine-2.24+dfsg1/pico/attach.c:1192:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cmnt,utf8,cmntlen-1); /* copy the comment */
data/alpine-2.24+dfsg1/pico/attach.c:1284:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(f);
data/alpine-2.24+dfsg1/pico/attach.c:1291:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->filename, f, len);
data/alpine-2.24+dfsg1/pico/attach.c:1295:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(prettysz((off_t) l));
data/alpine-2.24+dfsg1/pico/attach.c:1304:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->size, prettysz((off_t) l), len);
data/alpine-2.24+dfsg1/pico/attach.c:1310:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(c);
data/alpine-2.24+dfsg1/pico/attach.c:1319:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tp->description, c, len);
data/alpine-2.24+dfsg1/pico/attach.c:1371:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = &fn[strlen(fn)];
data/alpine-2.24+dfsg1/pico/browse.c:266:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opertree, Pmaster->oper_dir, NLINE);
data/alpine-2.24+dfsg1/pico/browse.c:826:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, child, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:826:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, child, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:876:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("File is write protected! OVERRIDE"), sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:884:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("File CANNOT be UNdeleted! Really delete"), sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1003:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(child, gethomedir(NULL), sizeof(child));
data/alpine-2.24+dfsg1/pico/browse.c:1061:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(child, fn, sizeof(child) - 1);
data/alpine-2.24+dfsg1/pico/browse.c:1157:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, child, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1164:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, S_FILESEP, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1290:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, (p == child) ? S_FILESEP: child, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1298:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(child, gmp->current->fname, sizeof(child));
data/alpine-2.24+dfsg1/pico/browse.c:1336:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(child, gmp->current->fname, sizeof(child));
data/alpine-2.24+dfsg1/pico/browse.c:1405:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, (p == child) ? S_FILESEP: child, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1448:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, gmp->dname, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1463:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(child, &p[1], sizeof(child));
data/alpine-2.24+dfsg1/pico/browse.c:1475:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, S_FILESEP, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1475:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, S_FILESEP, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1480:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, S_FILESEP, sizeof(tmp));
data/alpine-2.24+dfsg1/pico/browse.c:1493:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(gmp->dname) < dirlen) &&
data/alpine-2.24+dfsg1/pico/browse.c:1494:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(gmp->current->fname) < fnlen)){
data/alpine-2.24+dfsg1/pico/browse.c:1495:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, gmp->dname, dirlen);
data/alpine-2.24+dfsg1/pico/browse.c:1504:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, S_FILESEP, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1504:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, S_FILESEP, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1508:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, gmp->current->fname, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1508:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, gmp->current->fname, sizeof(tmp)-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pico/browse.c:1586:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (new->fname=malloc(gmp->current->fname ? (flen=strlen(gmp->current->fname))+1 : 1)) == NULL
data/alpine-2.24+dfsg1/pico/browse.c:1587:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (new->dir=malloc((dlen=strlen(gmp->dname))+1)) == NULL){
data/alpine-2.24+dfsg1/pico/browse.c:1592:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->fname,
data/alpine-2.24+dfsg1/pico/browse.c:1595:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->dir, gmp->dname, dlen);
data/alpine-2.24+dfsg1/pico/browse.c:1597:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->size, gmp->current->size, sizeof(new->size));
data/alpine-2.24+dfsg1/pico/browse.c:1607:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(gmp->dname) < dirlen) &&
data/alpine-2.24+dfsg1/pico/browse.c:1608:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(gmp->current->fname) < fnlen)){
data/alpine-2.24+dfsg1/pico/browse.c:1609:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, gmp->dname, dirlen);
data/alpine-2.24+dfsg1/pico/browse.c:1611:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fn, gmp->current->fname, fnlen);
data/alpine-2.24+dfsg1/pico/browse.c:1619:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, gmp->current->size, szlen);
data/alpine-2.24+dfsg1/pico/browse.c:1816:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp->dname, dname, sizeof(mp->dname));
data/alpine-2.24+dfsg1/pico/browse.c:1863:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  np += strlen(np) + 1;
data/alpine-2.24+dfsg1/pico/browse.c:1869:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ii = (int) strlen(np);
data/alpine-2.24+dfsg1/pico/browse.c:1924:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((flength = strlen(ncp->fname) + 1 + strlen(dname)) < sizeof(mp->dname)){
data/alpine-2.24+dfsg1/pico/browse.c:1924:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((flength = strlen(ncp->fname) + 1 + strlen(dname)) < sizeof(mp->dname)){
data/alpine-2.24+dfsg1/pico/browse.c:1925:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&dcp[1], ncp->fname, sizeof(mp->dname)-(dcp+1-mp->dname)); /* use absolute path! */
data/alpine-2.24+dfsg1/pico/browse.c:1938:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr, dname, flength);
data/alpine-2.24+dfsg1/pico/browse.c:1940:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  tmpstr = strncat(tmpstr, S_FILESEP, flength+1-1-strlen(tmpstr));
data/alpine-2.24+dfsg1/pico/browse.c:1940:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpstr = strncat(tmpstr, S_FILESEP, flength+1-1-strlen(tmpstr));
data/alpine-2.24+dfsg1/pico/browse.c:1942:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  tmpstr = strncat(tmpstr, ncp->fname, flength+1-1-strlen(tmpstr));
data/alpine-2.24+dfsg1/pico/browse.c:1942:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpstr = strncat(tmpstr, ncp->fname, flength+1-1-strlen(tmpstr));
data/alpine-2.24+dfsg1/pico/browse.c:1963:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ncp->size, "--", sizeof(ncp->size));
data/alpine-2.24+dfsg1/pico/browse.c:1969:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ncp->size, prettysz(attsz), sizeof(ncp->size));
data/alpine-2.24+dfsg1/pico/browse.c:1983:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(mp->dname) < sizeof(browse_dir)){
data/alpine-2.24+dfsg1/pico/browse.c:1984:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(browse_dir, mp->dname, sizeof(browse_dir));
data/alpine-2.24+dfsg1/pico/browse.c:2027:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (new->fname=malloc(sizeof(char)*((flen=strlen(cell->fname))+1))) == NULL ||
data/alpine-2.24+dfsg1/pico/browse.c:2028:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (new->dir=malloc(sizeof(char)*((dlen=strlen(mp->dname))+1))) == NULL){
data/alpine-2.24+dfsg1/pico/browse.c:2033:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->fname, cell->fname, flen);
data/alpine-2.24+dfsg1/pico/browse.c:2035:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->dir, mp->dname, dlen);
data/alpine-2.24+dfsg1/pico/browse.c:2039:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->size, cell->size, sizeof(new->size));
data/alpine-2.24+dfsg1/pico/browse.c:2800:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(p = f; *p; p += strlen(p)+1){
data/alpine-2.24+dfsg1/pico/browse.c:2801:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flen = strlen(p);
data/alpine-2.24+dfsg1/pico/browse.c:2802:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dlen = strlen(dir ? dir : "");
data/alpine-2.24+dfsg1/pico/browse.c:2807:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->fname, p, flen);
data/alpine-2.24+dfsg1/pico/browse.c:2809:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->dir, dir ? dir : "", dlen);
data/alpine-2.24+dfsg1/pico/browse.c:2813:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(new->dir) + strlen(S_FILESEP) +
data/alpine-2.24+dfsg1/pico/browse.c:2813:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(new->dir) + strlen(S_FILESEP) +
data/alpine-2.24+dfsg1/pico/browse.c:2814:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(new->fname) + 1) < sizeof(lfn)){
data/alpine-2.24+dfsg1/pico/browse.c:2815:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lfn, new->dir, sizeof(lfn));
data/alpine-2.24+dfsg1/pico/browse.c:2817:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lfn, S_FILESEP, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2817:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(lfn, S_FILESEP, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2818:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lfn, new->fname, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2818:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(lfn, new->fname, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2821:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(new->size, "0", 32);
data/alpine-2.24+dfsg1/pico/browse.c:2823:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new->size, prettysz((off_t)sbuf.st_size), 32);
data/alpine-2.24+dfsg1/pico/browse.c:2844:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(dir) + strlen(S_FILESEP) + strlen(fn) + 1) > NLINE)
data/alpine-2.24+dfsg1/pico/browse.c:2844:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(dir) + strlen(S_FILESEP) + strlen(fn) + 1) > NLINE)
data/alpine-2.24+dfsg1/pico/browse.c:2844:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(dir) + strlen(S_FILESEP) + strlen(fn) + 1) > NLINE)
data/alpine-2.24+dfsg1/pico/browse.c:2847:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lfn, dir, sizeof(lfn));
data/alpine-2.24+dfsg1/pico/browse.c:2849:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lfn, S_FILESEP, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2849:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(lfn, S_FILESEP, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2851:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lfn, fn, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2851:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(lfn, fn, sizeof(lfn)-strlen(lfn)-1);
data/alpine-2.24+dfsg1/pico/browse.c:2854:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(sz, "0", szlen);
data/alpine-2.24+dfsg1/pico/browse.c:2858:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sz, prettysz ((off_t)sbuf.st_size), szlen);
data/alpine-2.24+dfsg1/pico/buffer.c:117:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(bp->b_fname, "", sizeof(bp->b_fname));
data/alpine-2.24+dfsg1/pico/buffer.c:119:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bp->b_bname, bname, sizeof(bp->b_bname));
data/alpine-2.24+dfsg1/pico/buffer.c:307:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(bp->b_bname, "main", sizeof(bp->b_bname));
data/alpine-2.24+dfsg1/pico/buffer.c:309:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(bp->b_fname, "", sizeof(bp->b_fname));
data/alpine-2.24+dfsg1/pico/composer.c:225:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l1 = strlen(ap->filename)) <= ofp){
data/alpine-2.24+dfsg1/pico/composer.c:246:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *dp = ap->description, *bufp = &buf[strlen(buf)];
data/alpine-2.24+dfsg1/pico/composer.c:263:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), "\"%s", ap->next ? "," : "");
data/alpine-2.24+dfsg1/pico/composer.c:263:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), "\"%s", ap->next ? "," : "");
data/alpine-2.24+dfsg1/pico/composer.c:265:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(addrbuf) + strlen(buf) >= addrbuflen){
data/alpine-2.24+dfsg1/pico/composer.c:265:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(addrbuf) + strlen(buf) >= addrbuflen){
data/alpine-2.24+dfsg1/pico/composer.c:274:22: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(addrbuf, buf, addrbuflen-strlen(addrbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:274:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(addrbuf, buf, addrbuflen-strlen(addrbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:804:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = lmp->dir ? strlen(lmp->dir)+1 : 0;
data/alpine-2.24+dfsg1/pico/composer.c:805:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += lmp->fname ? strlen(lmp->fname) : 0;
data/alpine-2.24+dfsg1/pico/composer.c:972:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(saveprefix);
data/alpine-2.24+dfsg1/pico/composer.c:973:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(new_nickname);
data/alpine-2.24+dfsg1/pico/composer.c:992:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(insert, saveprefix, l);
data/alpine-2.24+dfsg1/pico/composer.c:993:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(insert+l1, new_nickname, l-l1);
data/alpine-2.24+dfsg1/pico/composer.c:1271:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dir, (gmode & MDCURDIR)
data/alpine-2.24+dfsg1/pico/composer.c:1287:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = lmp->dir ? strlen(lmp->dir)+1 : 0;
data/alpine-2.24+dfsg1/pico/composer.c:1288:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += lmp->fname ? strlen(lmp->fname) : 0;
data/alpine-2.24+dfsg1/pico/composer.c:1290:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(lmp->size);
data/alpine-2.24+dfsg1/pico/composer.c:1314:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(bfp + strlen(bfp), space-strlen(bfp), " (%s) \"\"%s", lmp->size,
data/alpine-2.24+dfsg1/pico/composer.c:1314:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(bfp + strlen(bfp), space-strlen(bfp), " (%s) \"\"%s", lmp->size,
data/alpine-2.24+dfsg1/pico/composer.c:1351:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/composer.c:1353:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(errmss, s, len+1);
data/alpine-2.24+dfsg1/pico/composer.c:1546:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/composer.c:1548:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(errmss, s, len+1);
data/alpine-2.24+dfsg1/pico/composer.c:1609:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(xx, "Can't move down. Use ^X to ", sizeof(xx));
data/alpine-2.24+dfsg1/pico/composer.c:1611:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(xx, (Pmaster && Pmaster->exit_label)
data/alpine-2.24+dfsg1/pico/composer.c:1617:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : "Send", sizeof(xx)-strlen(xx)-1);
data/alpine-2.24+dfsg1/pico/composer.c:1619:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(xx, ".", sizeof(xx)-strlen(xx)-1);
data/alpine-2.24+dfsg1/pico/composer.c:1619:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(xx, ".", sizeof(xx)-strlen(xx)-1);
data/alpine-2.24+dfsg1/pico/composer.c:3728:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(sbuf, tmp, sbuflen-strlen(sbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:3728:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(sbuf, tmp, sbuflen-strlen(sbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:3918:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz += strlen(p);
data/alpine-2.24+dfsg1/pico/composer.c:3933:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tbuf, p, biggest+1-strlen(tbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:3933:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tbuf, p, biggest+1-strlen(tbuf)-1);
data/alpine-2.24+dfsg1/pico/composer.c:4505:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += strlen(p);
data/alpine-2.24+dfsg1/pico/composer.c:4506:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(p[0] && p[strlen(p)-1] == ',')
data/alpine-2.24+dfsg1/pico/composer.c:4551:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(*headents[i].realaddr, p, headents[i].maxlen+1-strlen(*headents[i].realaddr)-1);
data/alpine-2.24+dfsg1/pico/composer.c:4551:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(*headents[i].realaddr, p, headents[i].maxlen+1-strlen(*headents[i].realaddr)-1);
data/alpine-2.24+dfsg1/pico/composer.c:4554:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(p[0] && p[strlen(p)-1] == ','){
data/alpine-2.24+dfsg1/pico/composer.c:4555:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(*headents[i].realaddr, " ", headents[i].maxlen+1-strlen(*headents[i].realaddr)-1);
data/alpine-2.24+dfsg1/pico/composer.c:4555:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(*headents[i].realaddr, " ", headents[i].maxlen+1-strlen(*headents[i].realaddr)-1);
data/alpine-2.24+dfsg1/pico/composer.c:4679:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->opertree = (char *) malloc(sizeof(char) * (strlen(opertree) + 1));
data/alpine-2.24+dfsg1/pico/composer.c:4681:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ret->opertree, opertree, strlen(opertree)+1);
data/alpine-2.24+dfsg1/pico/composer.c:4681:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ret->opertree, opertree, strlen(opertree)+1);
data/alpine-2.24+dfsg1/pico/composer.c:4744:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(opertree, state->opertree, sizeof(opertree)); data/alpine-2.24+dfsg1/pico/display.c:1399:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t2, PICO_NEWBUF_MSG, sizeof(t2)); data/alpine-2.24+dfsg1/pico/display.c:1404:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t3, PICO_MOD_MSG, sizeof(t3)); data/alpine-2.24+dfsg1/pico/display.c:1979:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(utf8buf, utf8, nbuf); data/alpine-2.24+dfsg1/pico/display.c:3506:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(keymenu[index].label[0] == '[' && keymenu[index].label[(l=strlen(keymenu[index].label))-1] == ']' && l > 2){ data/alpine-2.24+dfsg1/pico/display.c:3507:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp_label, &keymenu[index].label[1], MIN(sizeof(tmp_label),l-2)); data/alpine-2.24+dfsg1/pico/display.c:3512:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this_label, _(keymenu[index].label), sizeof(this_label)); data/alpine-2.24+dfsg1/pico/display.c:3534:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(nbuf), data/alpine-2.24+dfsg1/pico/file.c:59:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(fname) == 0) { data/alpine-2.24+dfsg1/pico/file.c:234:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, (gmode&MDCURDIR) data/alpine-2.24+dfsg1/pico/file.c:246:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen(dir); data/alpine-2.24+dfsg1/pico/file.c:248:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dir, S_FILESEP, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:248:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(dir, S_FILESEP, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:252:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dir, fn, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:252:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(dir, fn, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:270:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(dir)+strlen(S_FILESEP)+strlen(fname); data/alpine-2.24+dfsg1/pico/file.c:270:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dir)+strlen(S_FILESEP)+strlen(fname); data/alpine-2.24+dfsg1/pico/file.c:270:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dir)+strlen(S_FILESEP)+strlen(fname); data/alpine-2.24+dfsg1/pico/file.c:272:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(infile, dir, len); data/alpine-2.24+dfsg1/pico/file.c:274:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, S_FILESEP, len+1-1-strlen(infile)); data/alpine-2.24+dfsg1/pico/file.c:274:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(infile, S_FILESEP, len+1-1-strlen(infile)); data/alpine-2.24+dfsg1/pico/file.c:276:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, fname, len+1-1-strlen(infile)); data/alpine-2.24+dfsg1/pico/file.c:276:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(infile, fname, len+1-1-strlen(infile)); data/alpine-2.24+dfsg1/pico/file.c:382:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dirbuf, S_FILESEP, dirbuflen); data/alpine-2.24+dfsg1/pico/file.c:393:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dirbuf, orig_fname, dirlen); data/alpine-2.24+dfsg1/pico/file.c:399:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dirbuf, orig_fname, dirlen); data/alpine-2.24+dfsg1/pico/file.c:415:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dirbuf, (gmode & MDCURDIR) data/alpine-2.24+dfsg1/pico/file.c:490:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(curbp->b_fname, fname, sizeof(curbp->b_fname)); data/alpine-2.24+dfsg1/pico/file.c:575:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, curbp->b_fname, sizeof(curbp->b_fname)); data/alpine-2.24+dfsg1/pico/file.c:628:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, S_FILESEP, sizeof(dir)); data/alpine-2.24+dfsg1/pico/file.c:639:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, fname, MIN(p - fname, sizeof(dir)-1)); data/alpine-2.24+dfsg1/pico/file.c:652:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dir, (gmode & MDCURDIR) data/alpine-2.24+dfsg1/pico/file.c:671:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shows, fname, sizeof(shows)); data/alpine-2.24+dfsg1/pico/file.c:682:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shows, fname, sizeof(shows)); data/alpine-2.24+dfsg1/pico/file.c:684:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, bufp+1, MIN(strlen(bufp+1)+1, sizeof(fname))); data/alpine-2.24+dfsg1/pico/file.c:684:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(fname, bufp+1, MIN(strlen(bufp+1)+1, sizeof(fname))); data/alpine-2.24+dfsg1/pico/file.c:692:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shows, ((gmode & MDTREE) || opertree[0]) data/alpine-2.24+dfsg1/pico/file.c:699:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(origshows, shows, sizeof(origshows)); data/alpine-2.24+dfsg1/pico/file.c:703:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(shows)+strlen(S_FILESEP)+strlen(fname) < NLINE){ data/alpine-2.24+dfsg1/pico/file.c:703:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(shows)+strlen(S_FILESEP)+strlen(fname) < NLINE){ data/alpine-2.24+dfsg1/pico/file.c:703:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(shows)+strlen(S_FILESEP)+strlen(fname) < NLINE){ data/alpine-2.24+dfsg1/pico/file.c:704:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(shows, S_FILESEP, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:704:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(shows, S_FILESEP, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:706:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(shows, fname, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:706:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(shows, fname, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:708:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, shows, sizeof(fname)); data/alpine-2.24+dfsg1/pico/file.c:717:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(shows, S_FILESEP, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:717:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(shows, S_FILESEP, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:719:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(shows, fname, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:719:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(shows, fname, sizeof(shows)-strlen(shows)-1); data/alpine-2.24+dfsg1/pico/file.c:721:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, shows, sizeof(fname)); data/alpine-2.24+dfsg1/pico/file.c:771:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(curbp->b_fname, fname, sizeof(curbp->b_fname)); data/alpine-2.24+dfsg1/pico/file.c:1027:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, dirarg, sizeof(dir)); data/alpine-2.24+dfsg1/pico/file.c:1035:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/alpine-2.24+dfsg1/pico/file.c:1053:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tmp, p, sizeof(tmp)); data/alpine-2.24+dfsg1/pico/file.c:1058:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/alpine-2.24+dfsg1/pico/file.c:1068:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fn, tmp, fnlen); data/alpine-2.24+dfsg1/pico/file.c:1071:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dir)+strlen(S_FILESEP)+strlen(fn)) < sizeof(dir)){ data/alpine-2.24+dfsg1/pico/file.c:1071:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dir)+strlen(S_FILESEP)+strlen(fn)) < sizeof(dir)){ data/alpine-2.24+dfsg1/pico/file.c:1071:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dir)+strlen(S_FILESEP)+strlen(fn)) < sizeof(dir)){ data/alpine-2.24+dfsg1/pico/file.c:1072:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dir, S_FILESEP, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:1072:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(dir, S_FILESEP, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:1074:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dir, fn, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:1074:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(dir, fn, sizeof(dir)-strlen(dir)-1); data/alpine-2.24+dfsg1/pico/file.c:1077:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fn, S_FILESEP, fnlen-strlen(fn)-1); data/alpine-2.24+dfsg1/pico/file.c:1077:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fn, S_FILESEP, fnlen-strlen(fn)-1); data/alpine-2.24+dfsg1/pico/file.c:1100:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int end = strlen(opertree); data/alpine-2.24+dfsg1/pico/main.c:219:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s) data/alpine-2.24+dfsg1/pico/main.c:288:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(opertree, fname_to_utf8(opertree), sizeof(opertree)); data/alpine-2.24+dfsg1/pico/main.c:308:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (l = strlen(file_to_edit)) > 1 data/alpine-2.24+dfsg1/pico/main.c:319:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(bname, "main", sizeof(bname)); /* default buffer name */ data/alpine-2.24+dfsg1/pico/main.c:348:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bp->b_bname, bname, sizeof(bp->b_bname)); data/alpine-2.24+dfsg1/pico/main.c:351:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(file_to_edit) >= NFILEN){ data/alpine-2.24+dfsg1/pico/main.c:359:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bp->b_fname, file_to_edit, sizeof(bp->b_fname)); data/alpine-2.24+dfsg1/pico/main.c:374:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(bp->b_bname, "main", sizeof(bp->b_bname)); data/alpine-2.24+dfsg1/pico/main.c:376:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. 
strncpy(bp->b_fname, "", sizeof(bp->b_fname)); data/alpine-2.24+dfsg1/pico/main.c:795:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dictionary[i] = fs_get(strlen(str) + 1); data/alpine-2.24+dfsg1/pico/main.c:978:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(opertree, str, NLINE); data/alpine-2.24+dfsg1/pico/main.c:1184:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bp->b_bname, bname, sizeof(bp->b_bname)); data/alpine-2.24+dfsg1/pico/main.c:1186:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bp->b_fname, filename, sizeof(bp->b_fname)); data/alpine-2.24+dfsg1/pico/main.c:1190:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(bp->b_bname, "", sizeof(bp->b_bname)); data/alpine-2.24+dfsg1/pico/main.c:1192:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(bp->b_fname, "", sizeof(bp->b_fname)); data/alpine-2.24+dfsg1/pico/main.c:1284:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp_20k_buf, *a++, SIZEOF_20KBUF); data/alpine-2.24+dfsg1/pico/main.c:1287:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
Risk is low because the source is a constant character. strncat(tmp_20k_buf, "\n", SIZEOF_20KBUF-strlen(tmp_20k_buf)-1); data/alpine-2.24+dfsg1/pico/main.c:1287:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tmp_20k_buf, "\n", SIZEOF_20KBUF-strlen(tmp_20k_buf)-1); data/alpine-2.24+dfsg1/pico/main.c:1289:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tmp_20k_buf, *a++, SIZEOF_20KBUF-strlen(tmp_20k_buf)-1); data/alpine-2.24+dfsg1/pico/main.c:1289:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tmp_20k_buf, *a++, SIZEOF_20KBUF-strlen(tmp_20k_buf)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:93:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(result, "Alternate %s complete.", sizeof(result)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:98:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(eb, alt_speller, sizeof(eb)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:136:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(eb, *lp, sizeof(eb)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:150:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(eb, (char *)getenv("EDITOR"), sizeof(eb)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:195:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(eb, " ", sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:195:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, " ", sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:197:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(eb, fn, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:197:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, fn, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:265:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(result, "Alternate %s done", sizeof(result)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:321:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(result, "OK, alternate %s done", sizeof(result)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:374:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(eb, p + 1, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:374:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, p + 1, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:392:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(eb, p, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:392:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, p, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:419:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(eb, (char *)getenv("EDITOR"), sizeof(eb)); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:475:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(eb, " ", sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:475:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, " ", sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:477:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(eb, fn, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:477:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(eb, fn, sizeof(eb)-strlen(eb)-1); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:632:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmdbuf, path, ncmdbuf); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:662:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmdbuf, utf8, ncmdbuf); data/alpine-2.24+dfsg1/pico/osdep/altedit.c:706:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&pathcopy[i], exts[j], sizeof(pathcopy)-i); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:55:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(file, "#picoXXXXX#", filelen); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:57:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(file, "#picoTM0.txt", filelen); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:64:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(file); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:72:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy(file + l, "#picoXXXXX#", filelen-l); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:74:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(file + l, "#picoTM0.txt", filelen-l); data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:81:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(chp = file+strlen(file) - 2; *chp == 'X'; chp--){ data/alpine-2.24+dfsg1/pico/osdep/chkpoint.c:89:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(copy, "#picoTM1.txt", sizeof(copy)); data/alpine-2.24+dfsg1/pico/osdep/color.c:420:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bg_color_was, _last_bg_color, sizeof(bg_color_was)); data/alpine-2.24+dfsg1/pico/osdep/color.c:488:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fg_color_was, _last_fg_color, sizeof(fg_color_was)); data/alpine-2.24+dfsg1/pico/osdep/color.c:579:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "black", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:583:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(colorname, "red", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:587:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "green", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:591:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "yellow", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:595:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "blue", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:599:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "magenta", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:603:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "cyan", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:607:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(colorname, "white", sizeof(colorname)); data/alpine-2.24+dfsg1/pico/osdep/color.c:616:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy(colorname, MATCH_TRAN_COLOR, sizeof(colorname));
data/alpine-2.24+dfsg1/pico/osdep/color.c:836:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name->namelen = strlen(name);
data/alpine-2.24+dfsg1/pico/osdep/color.c:840:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_name->name, name, new_name->namelen+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:994:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(scopy, s, sizeof(scopy));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1097:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1100:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_nfcolor, s, len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1105:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(the_normal_color->fg, _nfcolor, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1123:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1126:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_nbcolor, s, len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1131:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(the_normal_color->bg, _nbcolor, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1148:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1151:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_rfcolor, s, len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1156:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(the_rev_color->fg, _rfcolor, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1173:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1176:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_rbcolor, s, len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1181:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(the_rev_color->bg, _rbcolor, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1406:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cp->fg, END_PSEUDO_REVERSE, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1408:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cp->bg, END_PSEUDO_REVERSE, MAXCOLORLEN+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1444:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(scopy, s, sizeof(scopy));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1522:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(colorx(val));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1524:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_last_fg_color, colorx(val), len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1571:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(colorx(val));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1573:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_last_bg_color, colorx(val), len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1618:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c_to_a_buf[whichbuf], ct->rgb, sizeof(c_to_a_buf[0]));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1632:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(scopy, colorName, sizeof(scopy));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1660:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c_to_a_buf[whichbuf], ct->rgb, sizeof(c_to_a_buf[0]));
data/alpine-2.24+dfsg1/pico/osdep/color.c:1683:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx", RGBLEN); /* RGBLEN is 11 */
data/alpine-2.24+dfsg1/pico/osdep/color.c:1684:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(colorName);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1685:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c_to_a_buf[whichbuf], colorName, (l < RGBLEN) ? l : RGBLEN);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1701:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_last_fg_color);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1703:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ret, _last_fg_color, len+1);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1720:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_last_bg_color);
data/alpine-2.24+dfsg1/pico/osdep/color.c:1722:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ret, _last_bg_color, len+1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:229:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(buf, "~", sizeof(buf));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:238:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hlen = strlen(buf);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:244:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(home, buf, hlen);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:360:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy(fn, dp.d_name, DIRSIZ);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:368:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, dn, sizeof(buf));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:371:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (dn[strlen(dn)-1] == '\\') ? "" : "\\",
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:388:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!pat || !*pat || !strncmp(p, pat, strlen(pat))){
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:391:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(p);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:504:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!home || (strlen(home) + strlen(fn) >= fnlen))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:504:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!home || (strlen(home) + strlen(fn) >= fnlen))
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:518:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(z = x + strlen(x), y = fn + strlen(x) + strlen(home);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:518:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(z = x + strlen(x), y = fn + strlen(x) + strlen(home);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:518:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(z = x + strlen(x), y = fn + strlen(x) + strlen(home);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:553:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(file[strlen(file)-1] != '\\')
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:554:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(file, "\\", sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:554:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(file, "\\", sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:557:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(file, &name[2], sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:557:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(file, &name[2], sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:573:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file, ((gmode & MDTREE) || opertree[0])
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:581:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(*file && file[strlen(file)-1] != '\\')
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:582:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(file, "\\", sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:582:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(file, "\\", sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:584:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(file, name, sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:584:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(file, name, sizeof(file)-1-strlen(file));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:588:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, file, namelen-1); /* copy back to real buffer */
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:598:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (*name != '~' && strlen(name)+2 < namelen)){
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:600:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(gmode&MDTREE && strlen(name)+strlen(opertree)+1 < namelen){
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:600:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(gmode&MDTREE && strlen(name)+strlen(opertree)+1 < namelen){
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:601:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int off = strlen(opertree);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:606:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, opertree, MIN(off,namelen-1));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:648:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pathbuf, path, sizeof(pathbuf));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:654:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pathbuf, path, sizeof(pathbuf));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:658:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pathbuf, path, sizeof(pathbuf));
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:695:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(path, S_FILESEP, pathlen-strlen(path)-1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:695:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, S_FILESEP, pathlen-strlen(path)-1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:697:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(path, stack[i], pathlen-strlen(path)-1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:697:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, stack[i], pathlen-strlen(path)-1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:730:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, t, NFILEN-1);
data/alpine-2.24+dfsg1/pico/osdep/filesys.c:850:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((n = read(in, cb, NLINE)) < 0){
data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:84:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int strlen; /* Length of buffer. */
data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:353:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GetDlgItemText(hDlg, IDC_RESPONCE, gOEInfo.string, gOEInfo.strlen);
data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:379:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GetDlgItemText(hDlg, IDC_RESPONCE, gOEInfo.string, gOEInfo.strlen);
data/alpine-2.24+dfsg1/pico/osdep/msdlg.c:394:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GetDlgItemText(hDlg, IDC_RESPONCE, gOEInfo.string, gOEInfo.strlen);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:3985:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*str == '\0' || strlen (str) > 9) return (FALSE);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4030:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(ct->colorName, colorName, (int)strlen(ct->colorName))){
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4063:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(colorName, cf->colorName, ncolorName);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:4116:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(ct->colorName, s, (int)strlen(ct->colorName)))
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5146:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mitem.cch = (UINT)_tcslen(tcbuf);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5181:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mitem.cch = (UINT)_tcslen(tcbuf);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5470:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mitem.cch = (UINT)_tcslen(tcbuf);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5483:26: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mitem.cch = (UINT)_tcslen(tcbuf);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5766:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("ANSI_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5769:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("OEM_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5772:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("BALTIC_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5775:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("CHINESE_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5778:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("EASTEUROPE_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5781:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("GF2312_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5784:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("GREEK_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5787:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("HANGUL_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5790:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("MAC_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5793:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("RUSSIAN_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5796:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("SHIFTJIS_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5799:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("SYMBOL_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5802:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("TURKISH_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5805:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("VIETNAMESE_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5808:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("JOHAB_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5811:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("ARABIC_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5814:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("HEBREW_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5817:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(buf, TEXT("THAI_CHARSET"), sizeof(buf)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5826:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(fontCharSet, buf, nfontCharSet);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5843:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(tstr, str, 1024);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5928:2: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tcslen(fontName_lpt) <= LF_FACESIZE - 1){
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5981:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(windowPosition) > sizeof(wp)-1)
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5984:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(wp, windowPosition, sizeof(wp));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:5991:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = (int)strlen(wp) - 1;
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6145:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(t) < nfontName)
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6159:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(t) < nfontCharSet)
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6181:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(fontStyle_utf8, "bold", nfontStyle);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6187:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(fontStyle_utf8, sep[iSep], nfontStyle-strlen(fontStyle_utf8)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6187:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fontStyle_utf8, sep[iSep], nfontStyle-strlen(fontStyle_utf8)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6189:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fontStyle_utf8, "italic", nfontStyle-strlen(fontStyle_utf8)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6189:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fontStyle_utf8, "italic", nfontStyle-strlen(fontStyle_utf8)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6196:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(windowPosition, "MIN0", nwindowPosition);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6216:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(windowPosition, gpTTYInfo->toolBarTop ? "t" : "b",
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6217:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6222:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(windowPosition, "d", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6222:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(windowPosition, "d", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6227:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(windowPosition, "a", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6227:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(windowPosition, "a", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6232:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(windowPosition, "!", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6232:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(windowPosition, "!", nwindowPosition-strlen(windowPosition)-1);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6248:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(caretStyle, MSWinCaretTable[i].name, ncaretStyle);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6493:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(gPrintFontName, fn, sizeof(gPrintFontName)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6496:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(gPrintFontStyle, fstyle, sizeof(gPrintFontStyle)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6502:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  _tcsncpy(gPrintFontCharSet, fc, sizeof(gPrintFontCharSet)/sizeof(TCHAR));
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6550:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fontName_utf8, u, nfontName);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6563:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fontStyle_utf8, u, nfontStyle);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:6572:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fontCharSet_utf8, u, nfontCharSet);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7018:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strLen = (int)_tcslen (lptstr_str);
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7036:12: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(n < _tcslen(lptstr_str))
data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7512:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(s && (sSize = strlen(s))){ data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7661:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy (nt.szTip, tip, 63); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:7672:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy (nt.szTip, tip, 63); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8074:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(newFont.lfFaceName, gpTTYInfo->lfTTYFont.lfFaceName, LF_FACESIZE); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8096:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(newFont.lfFaceName, gPrintFontName, LF_FACESIZE); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8327:9: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen (gHomeDir) == 0) { data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8369:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(fName_lpt, f, nMaxFName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8380:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dir_lpt, f, nMaxDName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8394:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
_sntprintf(filters + _tcslen(filters), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8395:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(filters)/sizeof(TCHAR) - _tcslen(filters), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8404:5: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(filters, TEXT("Text Files (*.txt)#*.txt#All Files (*.*)#*.*#"), data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8445:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dir_lpt, fName_lpt, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8454:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(gLastDir, dir_lpt, PATH_MAX); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8460:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir_utf8, cp, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8470:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fName_utf8, cp, nMaxFName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8552:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(fName_lpt, f, nMaxFName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8563:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
_tcsncpy(dir_lpt, f, nMaxDName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8600:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dir_lpt, fName_lpt, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8609:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(gLastDir, dir_lpt, PATH_MAX); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8615:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir_utf8, cp, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8625:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fName_utf8, cp, nMaxFName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8706:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(fName_lpt, f, nMaxFName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8717:6: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dir_lpt, f, nMaxDName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8755:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dir_lpt, fName_lpt, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8764:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(gLastDir, dir_lpt, PATH_MAX); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8770:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dir_utf8, cp, nMaxDName-1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8784:60: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(q=fName_utf8, p=fName_lpt + ofn.nFileOffset; *p; p += _tcslen(p)+1){ data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8839:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(the_normal_color->fg, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8867:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(the_normal_color->bg, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8894:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(the_rev_color->fg, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8917:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(the_rev_color->bg, data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8983:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx", RGBLEN); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8984:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (int)strlen(colorName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:8985:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(c_to_a_buf[whichbuf], colorName, (l < RGBLEN) ? 
l : RGBLEN); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9199:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, rgbbuf, MAXCLEN); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9366:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(newFont.lfFaceName, gPrintFontName, LF_FACESIZE); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9428:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(fontName, pFont->lfFaceName, nfontName); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9433:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(fontStyle, TEXT("bold"), nfontStyle); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9439:2: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(fontStyle, sep[iSep], nfontStyle - _tcslen(fontStyle)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9439:46: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(fontStyle, sep[iSep], nfontStyle - _tcslen(fontStyle)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9442:2: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. 
_tcsncat(fontStyle, TEXT("italic"), nfontStyle - _tcslen(fontStyle)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9442:51: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(fontStyle, TEXT("italic"), nfontStyle - _tcslen(fontStyle)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9821:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbSize = _tcslen (pCB); /* It's a null term string. */ data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9946:12: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbSize = _tcslen (pCB); /* It's a null term string. */ data/alpine-2.24+dfsg1/pico/osdep/mswin.c:9960:14: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbSize = _tcslen(gpPasteNext); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10122:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mswin_displaytext (title, help, strlen(help), NULL, NULL, 0); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10695:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(data_utf8, t_utf8str, size); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10798:62: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
RegSetValueEx(hKey, val, 0, REG_SZ, (LPBYTE)data, (DWORD)(_tcslen(data)+1)*sizeof(TCHAR)); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:10995:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(scheme, url_lptstr, p - url_lptstr); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11001:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cmdbuf) + 2; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11007:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmd, cmdbuf, len); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11145:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cmdbuf, "*Shell*", clen); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11154:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cmdbuf, "*Shell*", clen); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11206:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (DWORD)(_tcslen(data_lptstr) + 1)*sizeof(TCHAR)) == ERROR_SUCCESS; data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11404:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buflen += (strlen(*l)+1); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11415:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/alpine-2.24+dfsg1/pico/osdep/mswin.c:11457:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). desc, MIN(100, strlen(tmtxt)-1), tmtxt); data/alpine-2.24+dfsg1/pico/osdep/mswin_aspell.c:128:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(aspell_fullname, aspell_name, ARRAYSIZE(aspell_fullname)); data/alpine-2.24+dfsg1/pico/osdep/mswin_tw.c:471:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mitem.cch = (UINT)_tcslen(s_popup_menu[i].dwTypeData); data/alpine-2.24+dfsg1/pico/osdep/read.c:199:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = read(STDIN_FD, &c, 1); data/alpine-2.24+dfsg1/pico/osdep/signals.c:80:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(curbp->b_fname, "pico.save", sizeof(curbp->b_fname)); data/alpine-2.24+dfsg1/pico/osdep/signals.c:84:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(curbp->b_fname, ".save", sizeof(curbp->b_fname)-strlen(curbp->b_fname)-1); data/alpine-2.24+dfsg1/pico/osdep/signals.c:84:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(curbp->b_fname, ".save", sizeof(curbp->b_fname)-strlen(curbp->b_fname)-1); data/alpine-2.24+dfsg1/pico/osdep/signals.c:167:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, fname_to_locale(oldname), sizeof(b)); data/alpine-2.24+dfsg1/pico/osdep/spell.c:113:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (strlen(sp) + 1); data/alpine-2.24+dfsg1/pico/osdep/terminal.c:317:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(term_name, ttnm, sizeof(term_name)); data/alpine-2.24+dfsg1/pico/osdep/terminal.c:1072:42: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (!(tv_stype = getenv("TERM")) || !strncpy(term_name, tv_stype, sizeof(term_name))){ data/alpine-2.24+dfsg1/pico/osdep/tty.c:155:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((res = read(STDIN_FD, &c, 1)) <= 0) data/alpine-2.24+dfsg1/pico/pico.c:178:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(bname, "main", sizeof(bname)); /* default buffer name */ data/alpine-2.24+dfsg1/pico/pico.c:501:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(opertree, data/alpine-2.24+dfsg1/pico/pico.c:502:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (Pmaster->oper_dir && strlen(Pmaster->oper_dir) < NLINE) data/alpine-2.24+dfsg1/pico/pico.c:526:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(opertree, gethomedir(NULL), sizeof(opertree)); data/alpine-2.24+dfsg1/pico/pico.c:1496:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(label); data/alpine-2.24+dfsg1/pico/pico.c:1498:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(menuitems[i].label, label, len); data/alpine-2.24+dfsg1/pico/pilot.c:126:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filedir, dir, sizeof(filedir)); data/alpine-2.24+dfsg1/pico/pilot.c:131:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filedir, gethomedir(NULL), sizeof(filedir)); data/alpine-2.24+dfsg1/pico/pilot.c:141:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s) data/alpine-2.24+dfsg1/pico/pilot.c:201:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(bname, "main", sizeof(bname)); /* default buffer name */ data/alpine-2.24+dfsg1/pico/pilot.c:381:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(opertree, str, NLINE); data/alpine-2.24+dfsg1/pico/word.c:673:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prompt, "justify Region, Paragraph; or fix Quotelevel ? ", sizeof(prompt)); data/alpine-2.24+dfsg1/pith/abdlc.c:1683:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1683:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1698:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(screen_width > need_width && (q = utf8_count_back_width(buf, buf+strlen(buf), need_width, &got_width)) != NULL) data/alpine-2.24+dfsg1/pith/abdlc.c:1721:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hostbuf, start + 1, data/alpine-2.24+dfsg1/pith/abdlc.c:1740:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(ps_global->home_dir); data/alpine-2.24+dfsg1/pith/abdlc.c:1775:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1775:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1797:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1797:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%*.*s", data/alpine-2.24+dfsg1/pith/abdlc.c:1812:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(screen_width > need_width && (q = utf8_count_back_width(buf, buf+strlen(buf), need_width, &got_width)) != NULL) data/alpine-2.24+dfsg1/pith/ablookup.c:100:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, abe->nickname, buflen-1); data/alpine-2.24+dfsg1/pith/ablookup.c:174:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buffer, abe->fcc, buflen-1); data/alpine-2.24+dfsg1/pith/ablookup.c:523:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(abuf, addr->mailbox, sizeof(abuf)-1); data/alpine-2.24+dfsg1/pith/ablookup.c:526:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(abuf, "@", sizeof(abuf)-strlen(abuf)-1); data/alpine-2.24+dfsg1/pith/ablookup.c:526:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(abuf, "@", sizeof(abuf)-strlen(abuf)-1); data/alpine-2.24+dfsg1/pith/ablookup.c:527:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(abuf, addr->host, sizeof(abuf)-strlen(abuf)-1); data/alpine-2.24+dfsg1/pith/ablookup.c:527:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(abuf, addr->host, sizeof(abuf)-strlen(abuf)-1); data/alpine-2.24+dfsg1/pith/ablookup.c:617:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(abuf, addr->mailbox, MAX_ADDR_FIELD); data/alpine-2.24+dfsg1/pith/ablookup.c:620:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. 
strncat(abuf, "@", MAX_ADDR_FIELD+1-1-strlen(abuf)); data/alpine-2.24+dfsg1/pith/ablookup.c:620:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(abuf, "@", MAX_ADDR_FIELD+1-1-strlen(abuf)); data/alpine-2.24+dfsg1/pith/ablookup.c:621:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(abuf, addr->host, MAX_ADDR_FIELD+1-1-strlen(abuf)); data/alpine-2.24+dfsg1/pith/ablookup.c:621:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(abuf, addr->host, MAX_ADDR_FIELD+1-1-strlen(abuf)); data/alpine-2.24+dfsg1/pith/ablookup.c:712:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += (strlen(*l2) + 1); data/alpine-2.24+dfsg1/pith/ablookup.c:720:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l1, *l2, length-(l1-list)); data/alpine-2.24+dfsg1/pith/ablookup.c:722:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 += strlen(l1); data/alpine-2.24+dfsg1/pith/ablookup.c:1340:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(newaddr && newaddr[0] && !struncmp(newaddr, query, strlen(query))) data/alpine-2.24+dfsg1/pith/ablookup.c:1351:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(simple_addr && !struncmp(simple_addr, query, strlen(query))) data/alpine-2.24+dfsg1/pith/ablookup.c:1545:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, prefix, sizeof(buf)); data/alpine-2.24+dfsg1/pith/ablookup.c:1605:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(prefix ? prefix : ""); data/alpine-2.24+dfsg1/pith/ablookup.c:1621:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(next_prefix, prefix ? prefix : "", l+2); data/alpine-2.24+dfsg1/pith/addrbook.c:147:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!struncmp(pt->name, p, strlen(pt->name))) data/alpine-2.24+dfsg1/pith/addrbook.c:175:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(pt->name); data/alpine-2.24+dfsg1/pith/addrstring.c:129:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(sep); data/alpine-2.24+dfsg1/pith/addrstring.c:134:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dest, sep, seplen); data/alpine-2.24+dfsg1/pith/addrstring.c:140:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dest += strlen(dest); data/alpine-2.24+dfsg1/pith/addrstring.c:267:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (strlen((*f)(a, string, sizeof(string))) + 2); data/alpine-2.24+dfsg1/pith/addrstring.c:384:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += 2 * (a->personal ? (strlen(a->personal)+1) : 0); data/alpine-2.24+dfsg1/pith/addrstring.c:385:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += 2 * (a->mailbox ? (strlen(a->mailbox)+1) : 0); data/alpine-2.24+dfsg1/pith/addrstring.c:386:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += (a->adl ? strlen(a->adl) : 0); data/alpine-2.24+dfsg1/pith/addrstring.c:387:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += (a->host ? strlen(a->host) : 0); data/alpine-2.24+dfsg1/pith/addrstring.c:442:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, addr->mailbox, maxlen); data/alpine-2.24+dfsg1/pith/addrstring.c:445:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(buf, "@", maxlen+1-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/addrstring.c:445:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "@", maxlen+1-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/addrstring.c:446:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, addr->host, maxlen+1-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/addrstring.c:446:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, addr->host, maxlen+1-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/adrbklib.c:315:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ab->filename, sizeof(buf)-4); data/alpine-2.24+dfsg1/pith/adrbklib.c:494:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(warning, _("Address book doesn't exist"), warninglen); data/alpine-2.24+dfsg1/pith/adrbklib.c:519:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(warning, error_description(errno), warninglen); data/alpine-2.24+dfsg1/pith/adrbklib.c:565:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while((c = getc(fp_read)) != EOF) data/alpine-2.24+dfsg1/pith/adrbklib.c:655:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, filename, MIN(to_copy, sizeof(dir)-1)); data/alpine-2.24+dfsg1/pith/adrbklib.c:754:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nickbuf, nickname, sizeof(nickbuf)); data/alpine-2.24+dfsg1/pith/adrbklib.c:973:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(warning, error_description(errno), warninglen); data/alpine-2.24+dfsg1/pith/adrbklib.c:1143:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, str, sizeof(buf)); data/alpine-2.24+dfsg1/pith/adrbklib.c:1245:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, str, sizeof(buf)); data/alpine-2.24+dfsg1/pith/adrbklib.c:1558:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = extra + strlen(extra); data/alpine-2.24+dfsg1/pith/adrbklib.c:1612:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addrfield_end = p + strlen(p); data/alpine-2.24+dfsg1/pith/adrbklib.c:1618:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  if(p[strlen(p)-1] == ')'){
data/alpine-2.24+dfsg1/pith/adrbklib.c:1621:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[strlen(p)-1] = '\0';
data/alpine-2.24+dfsg1/pith/adrbklib.c:1822:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*last, fullname, last_name_len);
data/alpine-2.24+dfsg1/pith/adrbklib.c:1826:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(comma) + 1 + last_name_len;
data/alpine-2.24+dfsg1/pith/adrbklib.c:1828:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_name, comma, l);
data/alpine-2.24+dfsg1/pith/adrbklib.c:1830:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(new_name, " ", l+1-1-strlen(new_name));
data/alpine-2.24+dfsg1/pith/adrbklib.c:1830:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(new_name, " ", l+1-1-strlen(new_name));
data/alpine-2.24+dfsg1/pith/adrbklib.c:1832:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(new_name, fullname, MIN(last_name_len,l+1-1-strlen(new_name)));
data/alpine-2.24+dfsg1/pith/adrbklib.c:1832:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(new_name, fullname, MIN(last_name_len,l+1-1-strlen(new_name)));
data/alpine-2.24+dfsg1/pith/adrbklib.c:2096:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(nickname) <= strlen(ae->nickname)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2096:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(nickname) <= strlen(ae->nickname)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2098:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ae->nickname, nickname, strlen(ae->nickname)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2098:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ae->nickname, nickname, strlen(ae->nickname)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2114:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(fullname) <= strlen(ae->fullname)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2114:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(fullname) <= strlen(ae->fullname)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2116:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ae->fullname, fullname, strlen(ae->fullname)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2116:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ae->fullname, fullname, strlen(ae->fullname)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2132:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(fcc) <= strlen(ae->fcc)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2132:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(fcc) <= strlen(ae->fcc)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2134:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ae->fcc, fcc, strlen(ae->fcc)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2134:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ae->fcc, fcc, strlen(ae->fcc)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2150:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(extra) <= strlen(ae->extra)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2150:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(extra) <= strlen(ae->extra)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2152:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ae->extra, extra, strlen(ae->extra)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2152:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ae->extra, extra, strlen(ae->extra)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2171:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(address) <= strlen(ae->addr.addr)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2171:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(address) <= strlen(ae->addr.addr)){
data/alpine-2.24+dfsg1/pith/adrbklib.c:2173:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ae->addr.addr, address, strlen(ae->addr.addr)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:2173:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(ae->addr.addr, address, strlen(ae->addr.addr)+1);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3314:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = getc(ab->fp)) != EOF)
data/alpine-2.24+dfsg1/pith/adrbklib.c:3525:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this_len = strlen(write_this ? write_this : "");
data/alpine-2.24+dfsg1/pith/adrbklib.c:3561:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this_len = strlen(write_this ? write_this : "");
data/alpine-2.24+dfsg1/pith/adrbklib.c:3604:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this_len = strlen(write_this ? write_this : "");
data/alpine-2.24+dfsg1/pith/adrbklib.c:3646:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this_len = strlen(write_this ? write_this : "");
data/alpine-2.24+dfsg1/pith/adrbklib.c:3684:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this_len = strlen(write_this ? write_this : "");
data/alpine-2.24+dfsg1/pith/adrbklib.c:3732:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(extra_copy);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3841:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  src.size = strlen(srcstr);
data/alpine-2.24+dfsg1/pith/adrbklib.c:3845:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf1, (char *) dst.data, buf1len);
data/alpine-2.24+dfsg1/pith/adrbklib.c:4117:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(oldnick) + DELETED_LEN + strlen("YY/MM/DD#");
data/alpine-2.24+dfsg1/pith/adrbklib.c:4117:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(oldnick) + DELETED_LEN + strlen("YY/MM/DD#");
data/alpine-2.24+dfsg1/pith/adrbklib.c:5103:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_20k_buf, filename, SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/pith/adrbklib.c:5124:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(book_path, ps_global->pinerc,
data/alpine-2.24+dfsg1/pith/adrbklib.c:5130:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(book_path, filename,
data/alpine-2.24+dfsg1/pith/adrbklib.c:5131:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(book_path)-1-strlen(book_path));
data/alpine-2.24+dfsg1/pith/bldaddr.c:207:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(tmp, "<", MAX_ADDR_FIELD+3);
data/alpine-2.24+dfsg1/pith/bldaddr.c:210:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, to.arg.str, MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:210:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, to.arg.str, MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:212:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(tmp, to.arg.abe->addr.addr, MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:212:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, to.arg.abe->addr.addr, MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:215:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(tmp, ">", MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:215:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, ">", MAX_ADDR_FIELD+3-strlen(tmp)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:496:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  domain_length = MAX(localdomain!=NULL ? strlen(localdomain) : (size_t)0,
data/alpine-2.24+dfsg1/pith/bldaddr.c:497:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  userdomain!=NULL ? strlen(userdomain) : (size_t)0);
data/alpine-2.24+dfsg1/pith/bldaddr.c:510:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(q = tmp_a_string + strlen(tmp_a_string) - 1;
data/alpine-2.24+dfsg1/pith/bldaddr.c:589:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(a->host, localdomain, domain_length+1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:677:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->c_client_error, ebuf, 200);
data/alpine-2.24+dfsg1/pith/bldaddr.c:690:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->c_client_error, *error, sizeof(ps_global->c_client_error));
data/alpine-2.24+dfsg1/pith/bldaddr.c:692:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(ps_global->c_client_error, " ", sizeof(ps_global->c_client_error));
data/alpine-2.24+dfsg1/pith/bldaddr.c:705:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(a->host, userdomain, domain_length+1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:804:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp)+1;
data/alpine-2.24+dfsg1/pith/bldaddr.c:806:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*lcc, tmp, l);
data/alpine-2.24+dfsg1/pith/bldaddr.c:808:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(*lcc, ";", l+1-strlen(*lcc)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:808:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(*lcc, ";", l+1-strlen(*lcc)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:828:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += (strlen(*l2) + 1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:837:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(l1, *l2, length+1-(l1-list));
data/alpine-2.24+dfsg1/pith/bldaddr.c:843:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 += strlen(l1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:916:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(adr2->personal) + strlen(abe->fullname) + 4;
data/alpine-2.24+dfsg1/pith/bldaddr.c:916:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(adr2->personal) + strlen(abe->fullname) + 4;
data/alpine-2.24+dfsg1/pith/bldaddr.c:1043:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp)+1;
data/alpine-2.24+dfsg1/pith/bldaddr.c:1045:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*lcc, tmp, l);
data/alpine-2.24+dfsg1/pith/bldaddr.c:1047:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(*lcc, ";", l+1-strlen(*lcc)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:1047:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(*lcc, ";", l+1-strlen(*lcc)-1);
data/alpine-2.24+dfsg1/pith/bldaddr.c:1089:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mycopy, phrase, size);
data/alpine-2.24+dfsg1/pith/bldaddr.c:1101:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(*mycopy == '"' && mycopy[strlen(mycopy)-1] == '"')
data/alpine-2.24+dfsg1/pith/bldaddr.c:1127:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(adr->personal);
data/alpine-2.24+dfsg1/pith/bldaddr.c:1198:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen(last_fcc_used)) >= strlen(fcc)){
data/alpine-2.24+dfsg1/pith/bldaddr.c:1198:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l=strlen(last_fcc_used)) >= strlen(fcc)){
data/alpine-2.24+dfsg1/pith/bldaddr.c:1199:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(last_fcc_used, fcc, l+1);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:72:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(converted_fname)+1 > fname_locale_len){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:76:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname_locale_len = strlen(converted_fname)+1;
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:80:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fname_locale_buf, converted_fname, fname_locale_len);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:125:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(converted_fname)+1 > fname_utf8_len){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:129:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname_utf8_len = strlen(converted_fname)+1;
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:133:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fname_utf8_buf, converted_fname, fname_utf8_len);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:180:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:202:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:331:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len = strlen(mode) + strlen(force_bom_check)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:331:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len = strlen(mode) + strlen(force_bom_check)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:350:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len = strlen(mode) + strlen(force_utf8)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:350:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len = strlen(mode) + strlen(force_utf8)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:490:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:492:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pold, p, len+1);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:557:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:559:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pold, p, len+1);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:685:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(utf8_p);
data/alpine-2.24+dfsg1/pith/charconv/filesys.c:687:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(env_cpy, utf8_p, len+1);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:210:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(locale_charmap, charmap, sizeof(locale_charmap));
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:235:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  src.size = strlen(str);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:281:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ret, (char *) result.data, result.size);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:580:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  retsize = strlen(utf8src) + 1;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:779:8: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = _tcslen(arg_lptstr);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1034:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_octets = readptr ? strlen(readptr) : 0;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1123:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  readptr = src + strlen(src);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1170:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, goodreadptr, nb);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1321:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, width_str, MIN(fmt-width_str,sizeof(buf)));
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1342:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, width_str, MIN(fmt-width_str,sizeof(buf)));
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1387:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  min_field_width = ((field_precision >= 0) ? field_precision : strlen(input_str)) +
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1429:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdest += strlen(pdest);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1478:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdest += strlen(pdest);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1484:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdest += strlen(pdest);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1491:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdest += strlen(pdest);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1497:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdest += strlen(pdest);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1572:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_octets = readptr ? strlen(readptr) : 0;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1646:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_octets = readptr ? strlen(readptr) : 0;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1713:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_octets = readptr ? strlen(readptr) : 0;
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:1931:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define cpstr(s) strcpy((char *)fs_get(1+strlen(s)), s)
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2186:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, "ISO-8859-", sizeof(buf));
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2219:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  src.size = strlen(orig);
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2268:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(buf[whichbuf], "0", sizeof(buf[0]));
data/alpine-2.24+dfsg1/pith/charconv/utf8.c:2283:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b += strlen(b);
data/alpine-2.24+dfsg1/pith/charset.c:78:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((char *) src);
data/alpine-2.24+dfsg1/pith/charset.c:155:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (2 * RFC1522_DLIM_L) + strlen(S) + 1);
data/alpine-2.24+dfsg1/pith/charset.c:239:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((p = rfc822_qprint((unsigned char *)txt, strlen(txt), &l)) != NULL){
data/alpine-2.24+dfsg1/pith/charset.c:261:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((p = rfc822_base64((unsigned char *) txt, strlen(txt), &l)) != NULL){
data/alpine-2.24+dfsg1/pith/charset.c:272:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(txt), NULL);
data/alpine-2.24+dfsg1/pith/charset.c:304:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rfc1522_copy_and_transliterate(rv, &d, len, (unsigned char *) s, strlen(s), NULL);
data/alpine-2.24+dfsg1/pith/charset.c:310:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rfc1522_copy_and_transliterate(rv, &d, len, (unsigned char *) s, strlen(s), NULL);
data/alpine-2.24+dfsg1/pith/charset.c:335:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? !strncmp((char *)s + 1, end_str + 1, strlen(end_str + 1))
data/alpine-2.24+dfsg1/pith/charset.c:447:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  src.size = strlen((char *) s);
data/alpine-2.24+dfsg1/pith/charset.c:486:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char *) (*d), (char *) s, i);
data/alpine-2.24+dfsg1/pith/charset.c:926:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 4 * strlen(*strp) + 1;
data/alpine-2.24+dfsg1/pith/charset.c:931:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((lensrc=strlen(*strp)) >= (lenresult=strlen(decoded))){
data/alpine-2.24+dfsg1/pith/charset.c:931:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((lensrc=strlen(*strp)) >= (lenresult=strlen(decoded))){
data/alpine-2.24+dfsg1/pith/charset.c:932:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*strp, decoded, lensrc);
data/alpine-2.24+dfsg1/pith/color.c:157:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(fg, color_to_asciirgb(VAR_NORM_FORE_COLOR), sizeof(fg)); data/alpine-2.24+dfsg1/pith/color.c:158:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bg, color_to_asciirgb(VAR_NORM_BACK_COLOR), sizeof(bg)); data/alpine-2.24+dfsg1/pith/color.c:203:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/conf.c:986:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db += strlen(db); \ data/alpine-2.24+dfsg1/pith/conf.c:1062:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, p, sizeof(path)-1); data/alpine-2.24+dfsg1/pith/conf.c:1139:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf2, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1164:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1188:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buf2, sizeof(buf)-1); data/alpine-2.24+dfsg1/pith/conf.c:1190:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(l_pinerc, buf2, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1198:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buf2, sizeof(buf)-1); data/alpine-2.24+dfsg1/pith/conf.c:1201:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf2, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1244:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1250:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buf2, sizeof(buf)-1); data/alpine-2.24+dfsg1/pith/conf.c:1255:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf, sizeof(l_pinerc)-1); data/alpine-2.24+dfsg1/pith/conf.c:1297:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf3, buf, MAXPATH); data/alpine-2.24+dfsg1/pith/conf.c:1301:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buf3, MAXPATH); data/alpine-2.24+dfsg1/pith/conf.c:1306:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l_pinerc, buf, MAXPATH); data/alpine-2.24+dfsg1/pith/conf.c:1359:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, ps->pinerc, MIN(p - ps->pinerc, sizeof(buf)-1)); data/alpine-2.24+dfsg1/pith/conf.c:1364:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "NEWSRC", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1364:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "NEWSRC", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1455:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ps->pinerc, MIN(p - ps->pinerc, sizeof(buf)-1)); data/alpine-2.24+dfsg1/pith/conf.c:1459:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, "PINERCEX", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1459:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "PINERCEX", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1531:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ps->pinerc, MIN(p - ps->pinerc, sizeof(buf)-1)); data/alpine-2.24+dfsg1/pith/conf.c:1535:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, ".pinercex", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1535:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, ".pinercex", sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1561:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ps->pinerc, MIN(p - ps->pinerc, sizeof(buf)-1)); data/alpine-2.24+dfsg1/pith/conf.c:1565:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, ps->exceptions, sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1565:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, ps->exceptions, sizeof(buf)-1-strlen(buf)); data/alpine-2.24+dfsg1/pith/conf.c:1571:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ps->exceptions, sizeof(buf)-1); data/alpine-2.24+dfsg1/pith/conf.c:1760:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1760:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1764:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1764:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1785:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1785:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1789:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:1789:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) data/alpine-2.24+dfsg1/pith/conf.c:2166:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(aname, ANSI_PRINTER, sizeof(aname)); data/alpine-2.24+dfsg1/pith/conf.c:2168:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/pith/conf.c:2168:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/pith/conf.c:2169:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wname, WYSE_PRINTER, sizeof(wname)); data/alpine-2.24+dfsg1/pith/conf.c:2171:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/pith/conf.c:2171:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/pith/conf.c:2554:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps->vers_internal, ALPINE_VERSION, sizeof(ps->vers_internal)); data/alpine-2.24+dfsg1/pith/conf.c:2603:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(ps_global->pine_pre_vers, VAR_LAST_VERS_USED, data/alpine-2.24+dfsg1/pith/conf.c:4881:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(no_allow, "no-", 3); data/alpine-2.24+dfsg1/pith/conf.c:4882:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(no_allow+3, feature_list_name(F_ALLOW_CHANGING_FROM), sizeof(no_allow)-3-1); data/alpine-2.24+dfsg1/pith/conf.c:4963:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sp = strncmp(src,"LIT:pattern=\"/NICK=", strlen("LIT:pattern=\"/NICK=")) == 0; data/alpine-2.24+dfsg1/pith/conf.c:5215:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dprint((2, "Read %d characters:\n", strlen(file))); data/alpine-2.24+dfsg1/pith/conf.c:5272:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((i = strlen(v->name)) < strlen(line) && !struncmp(v->name,line,i)){ data/alpine-2.24+dfsg1/pith/conf.c:5272:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((i = strlen(v->name)) < strlen(line) && !struncmp(v->name,line,i)){ data/alpine-2.24+dfsg1/pith/conf.c:5578:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(varname); data/alpine-2.24+dfsg1/pith/conf.c:5917:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:5918:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (lval[i][0] ? strlen(lval[i]) : 5) > buflen){ data/alpine-2.24+dfsg1/pith/conf.c:5919:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:5920:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (lval[i][0] ? strlen(lval[i]) : 5); data/alpine-2.24+dfsg1/pith/conf.c:5935:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:5936:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (pval[0] ? strlen(pval) : 5) > buflen){ data/alpine-2.24+dfsg1/pith/conf.c:5937:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:5938:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (pval[0] ? 
strlen(pval) : 5); data/alpine-2.24+dfsg1/pith/conf.c:5970:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((pline-1)->line) < 3 || data/alpine-2.24+dfsg1/pith/conf.c:6027:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:6028:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (lval[i][0] ? strlen(lval[i]) : 5) > buflen){ data/alpine-2.24+dfsg1/pith/conf.c:6029:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(var->name) data/alpine-2.24+dfsg1/pith/conf.c:6030:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (lval[i][0] ? strlen(lval[i]) : 5); data/alpine-2.24+dfsg1/pith/conf.c:6047:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pval) > buflen){ data/alpine-2.24+dfsg1/pith/conf.c:6048:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(pval) + 1; data/alpine-2.24+dfsg1/pith/conf.c:6195:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(*buf, srcstr, buflen); data/alpine-2.24+dfsg1/pith/conf.c:6217:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src.size = strlen(srcstr); data/alpine-2.24+dfsg1/pith/conf.c:6221:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*buf, (char *) dst.data, buflen); data/alpine-2.24+dfsg1/pith/conf.c:6229:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*buf, srcstr, buflen); data/alpine-2.24+dfsg1/pith/conf.c:6386:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). }else if(strlen(var->global_val.p) == 0){ data/alpine-2.24+dfsg1/pith/conf.c:6494:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). }else if(strlen(var->main_user_val.p) == 0){ data/alpine-2.24+dfsg1/pith/conf.c:6974:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("/HDR=/FG=/BG=") + strlen(spec ? spec : "") + data/alpine-2.24+dfsg1/pith/conf.c:6974:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("/HDR=/FG=/BG=") + strlen(spec ? spec : "") + data/alpine-2.24+dfsg1/pith/conf.c:6975:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fg ? fg : "") + strlen(bg ? 
bg : "") + data/alpine-2.24+dfsg1/pith/conf.c:6975:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fg ? fg : "") + strlen(bg ? bg : "") + data/alpine-2.24+dfsg1/pith/conf.c:6976:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(val ? "/VAL=" : "") + strlen(val ? val : ""); data/alpine-2.24+dfsg1/pith/conf.c:6976:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(val ? "/VAL=" : "") + strlen(val ? val : ""); data/alpine-2.24+dfsg1/pith/conf.c:7596:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = p + strlen("INIT="); data/alpine-2.24+dfsg1/pith/conf.c:7612:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = p + strlen("TRAILER="); data/alpine-2.24+dfsg1/pith/conf.c:7804:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf1, sizeof(buf1), "%.*s", (int) MAX(SIZEOFBUF - 1 - strlen(message), 0), arg); data/alpine-2.24+dfsg1/pith/conf.c:8263:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, ANSI_PRINTER, sizeof(aname)); data/alpine-2.24+dfsg1/pith/conf.c:8265:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/pith/conf.c:8265:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(aname, "-no-formfeed", sizeof(aname)-strlen(aname)-1); data/alpine-2.24+dfsg1/pith/conf.c:8266:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wname, WYSE_PRINTER, sizeof(wname)); data/alpine-2.24+dfsg1/pith/conf.c:8268:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/pith/conf.c:8268:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(wname, "-no-formfeed", sizeof(wname)-strlen(wname)-1); data/alpine-2.24+dfsg1/pith/conf.c:8408:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen(tmp)-2] = '\0'; data/alpine-2.24+dfsg1/pith/conf.c:8566:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p+3, transformed_color(p+3), 8); data/alpine-2.24+dfsg1/pith/conf.c:8573:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(p+3, transformed_color(p+3), 8); data/alpine-2.24+dfsg1/pith/conf.c:8603:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p+3, transformed_color(p+3), 8); data/alpine-2.24+dfsg1/pith/conf.c:8610:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p+3, transformed_color(p+3), 8); data/alpine-2.24+dfsg1/pith/context.c:66:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(scontext, "%s", len); /* folder names as is. */ data/alpine-2.24+dfsg1/pith/context.c:188:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, name, len-1); /* no context! */ data/alpine-2.24+dfsg1/pith/context.c:195:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int)(len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:195:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int)(len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:195:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int)(len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:198:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(b, name, len-1); data/alpine-2.24+dfsg1/pith/context.c:204:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int) (len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:204:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int) (len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:204:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(b+strlen(b), len-strlen(b), "%.*s", (int) (len-1-strlen(b)), name); data/alpine-2.24+dfsg1/pith/context.c:215:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(c->context) + strlen(name) < len) data/alpine-2.24+dfsg1/pith/context.c:215:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(c->context) + strlen(name) < len) data/alpine-2.24+dfsg1/pith/context.c:221:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(pq)+strlen(name); data/alpine-2.24+dfsg1/pith/context.c:221:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(pq)+strlen(name); data/alpine-2.24+dfsg1/pith/context.c:224:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, t, len-1); data/alpine-2.24+dfsg1/pith/context.c:256:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq = (char *) fs_get((2*strlen(context) + 1) * sizeof(char)); data/alpine-2.24+dfsg1/pith/context.c:321:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_this = (char *)fs_get(strlen(p) + 200); data/alpine-2.24+dfsg1/pith/context.c:322:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(free_this, p, strlen(p)+200); data/alpine-2.24+dfsg1/pith/context.c:322:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(free_this, p, strlen(p)+200); data/alpine-2.24+dfsg1/pith/context.c:323:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fnexpand(free_this, strlen(p)+200); data/alpine-2.24+dfsg1/pith/context.c:327:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_this = p = (char *)fs_get(strlen(s) data/alpine-2.24+dfsg1/pith/context.c:328:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(ps_global->home_dir) + 2); data/alpine-2.24+dfsg1/pith/context.c:330:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s)+strlen(ps_global->home_dir)+2); data/alpine-2.24+dfsg1/pith/context.c:330:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s)+strlen(ps_global->home_dir)+2); data/alpine-2.24+dfsg1/pith/context.c:605:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s = tmp, "INBOX", sizeof(tmp)); /* presume "inbox" ala c-client */ data/alpine-2.24+dfsg1/pith/detach.c:116:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->chunk = pine_mail_fetch_text(stream, msg_no, NULL, &frd->read, 0); data/alpine-2.24+dfsg1/pith/detach.c:117:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->endp = &frd->chunk[frd->read]; data/alpine-2.24+dfsg1/pith/detach.c:296:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(err_string, data/alpine-2.24+dfsg1/pith/detach.c:410:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(*test == '_' && (i = strlen(test)) > 10 data/alpine-2.24+dfsg1/pith/detach.c:509:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return((*s1) ? 
(!strncmp(s1, s2, strlen(s2)) ? 1 : -1) : 0); data/alpine-2.24+dfsg1/pith/detach.c:519:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(!strncmp(s1, s2, strlen(s2))); data/alpine-2.24+dfsg1/pith/detach.c:552:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(cpath) + strlen(&(*cmd)[i]); data/alpine-2.24+dfsg1/pith/detach.c:552:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(cpath) + strlen(&(*cmd)[i]); data/alpine-2.24+dfsg1/pith/detach.c:554:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, cpath, l); /* copy new path */ data/alpine-2.24+dfsg1/pith/detach.c:556:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(p, &(*cmd)[i], l+1-1-strlen(p)); /* and old args */ data/alpine-2.24+dfsg1/pith/detach.c:556:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(p, &(*cmd)[i], l+1-1-strlen(p)); /* and old args */ data/alpine-2.24+dfsg1/pith/detach.c:566:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(cpath) + strlen(&(*cmd)[i]); data/alpine-2.24+dfsg1/pith/detach.c:566:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(cpath) + strlen(&(*cmd)[i]); data/alpine-2.24+dfsg1/pith/detach.c:568:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, cpath, l); /* copy new path */ data/alpine-2.24+dfsg1/pith/detach.c:570:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(p, &(*cmd)[i], l+1-1-strlen(p)); /* and old args */ data/alpine-2.24+dfsg1/pith/detach.c:570:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(p, &(*cmd)[i], l+1-1-strlen(p)); /* and old args */ data/alpine-2.24+dfsg1/pith/detach.c:642:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->chunk = mail_fetch_body(stream, msgno, section, &frd->read, flags); data/alpine-2.24+dfsg1/pith/detach.c:650:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if(size != frd->read){ data/alpine-2.24+dfsg1/pith/detach.c:653:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->size, frd->read)); data/alpine-2.24+dfsg1/pith/detach.c:656:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->size = MIN(size, frd->read); data/alpine-2.24+dfsg1/pith/detach.c:657:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
frd->endp = &frd->chunk[frd->read]; data/alpine-2.24+dfsg1/pith/detach.c:660:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frd->endp = &frd->chunk[frd->read]; data/alpine-2.24+dfsg1/pith/detach.c:727:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(g_fr_desc->read < g_fr_desc->size){ data/alpine-2.24+dfsg1/pith/detach.c:775:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MIN(g_fr_desc->size - g_fr_desc->read, g_fr_desc->chunksize); data/alpine-2.24+dfsg1/pith/detach.c:789:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). save_read = g_fr_desc->read; data/alpine-2.24+dfsg1/pith/detach.c:793:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g_fr_desc->section, g_fr_desc->read, data/alpine-2.24+dfsg1/pith/detach.c:814:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g_fr_desc->size = g_fr_desc->read; data/alpine-2.24+dfsg1/pith/detach.h:38:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long read, /* bytes read so far */ data/alpine-2.24+dfsg1/pith/detoken.c:272:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += (strlen(pt->name) + 2); /* skip over token */ data/alpine-2.24+dfsg1/pith/detoken.c:280:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(subbuf+1, pt->name, sizeof(subbuf)-2); data/alpine-2.24+dfsg1/pith/detoken.c:282:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(subbuf, "_", sizeof(subbuf)-strlen(subbuf)-1); data/alpine-2.24+dfsg1/pith/detoken.c:282:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(subbuf, "_", sizeof(subbuf)-strlen(subbuf)-1); data/alpine-2.24+dfsg1/pith/detoken.c:290:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(dst); data/alpine-2.24+dfsg1/pith/detoken.c:320:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += (long)strlen(repl); data/alpine-2.24+dfsg1/pith/detoken.c:322:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(q, repl, cnt-(q-dst)); data/alpine-2.24+dfsg1/pith/detoken.c:324:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q += strlen(repl); data/alpine-2.24+dfsg1/pith/detoken.c:400:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(*redraft_pos)->offset = strlen(dst); data/alpine-2.24+dfsg1/pith/detoken.c:522:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = ret = (char *)fs_get((strlen(src) + 1) * sizeof(char)); data/alpine-2.24+dfsg1/pith/editorial.c:63:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gf_set_readc(&gc, s, strlen(s), CharStar, 0); data/alpine-2.24+dfsg1/pith/editorial.c:84:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(es.postfix, " ]", sizeof(es.postfix)); data/alpine-2.24+dfsg1/pith/editorial.c:93:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(es.postfix, " ]", sizeof(es.postfix)); data/alpine-2.24+dfsg1/pith/editorial.c:98:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(es.prefix, "[", sizeof(es.prefix)); data/alpine-2.24+dfsg1/pith/editorial.c:100:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(es.postfix, "]", sizeof(es.postfix)); data/alpine-2.24+dfsg1/pith/editorial.c:153:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(quote_color_embed, data/alpine-2.24+dfsg1/pith/editorial.c:169:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(normal_embed, data/alpine-2.24+dfsg1/pith/editorial.c:184:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p) > strlen(quote_color_embed)) data/alpine-2.24+dfsg1/pith/editorial.c:184:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p) > strlen(quote_color_embed)) data/alpine-2.24+dfsg1/pith/editorial.c:185:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(p, strlen(p)+1, strlen(quote_color_embed), quote_color_embed); data/alpine-2.24+dfsg1/pith/editorial.c:185:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(p, strlen(p)+1, strlen(quote_color_embed), quote_color_embed); data/alpine-2.24+dfsg1/pith/editorial.c:188:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line+strlen(line), data/alpine-2.24+dfsg1/pith/editorial.c:194:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/escapes.c:66:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(p = known_escapes; *p && strncmp(esc_seq, *p, n = strlen(*p)); p++) data/alpine-2.24+dfsg1/pith/filter.c:211:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cb, color_to_asciirgb((C)->fg), sizeof(cb)); \ data/alpine-2.24+dfsg1/pith/filter.c:218:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cb, color_to_asciirgb((C)->bg), sizeof(cb)); \ data/alpine-2.24+dfsg1/pith/filter.c:3078:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(HD(F)->el_data->element));\ data/alpine-2.24+dfsg1/pith/filter.c:4495:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(buf); data/alpine-2.24+dfsg1/pith/filter.c:4504:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(alt && strlen(alt) < 256){ /* arbitrary "reasonable" limit */ data/alpine-2.24+dfsg1/pith/filter.c:4505:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
HTML_DUMP_LIT(hd->html_data, alt, strlen(alt)); data/alpine-2.24+dfsg1/pith/filter.c:4513:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HTML_DUMP_LIT(hd->html_data, s, strlen(s)); data/alpine-2.24+dfsg1/pith/filter.c:4934:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(tmp_20k_buf + strlen(tmp_20k_buf), data/alpine-2.24+dfsg1/pith/filter.c:4935:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SIZEOF_20KBUF - strlen(tmp_20k_buf), data/alpine-2.24+dfsg1/pith/filter.c:5083:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HD(hd->html_data)->prefix[x++] = n = strlen(buf); data/alpine-2.24+dfsg1/pith/filter.c:5409:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(len + strlen(rel_path) < sizeof(tmp)-1){ data/alpine-2.24+dfsg1/pith/filter.c:5413:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp + len, rel_path, sizeof(tmp)-len); data/alpine-2.24+dfsg1/pith/filter.c:5519:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (scheme ? strlen(scheme) : 0) + (net ? 
strlen(net) : 0) data/alpine-2.24+dfsg1/pith/filter.c:5519:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (scheme ? strlen(scheme) : 0) + (net ? strlen(net) : 0) data/alpine-2.24+dfsg1/pith/filter.c:5520:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (path ? strlen(path) : 0) + (parms ? strlen(parms) : 0) data/alpine-2.24+dfsg1/pith/filter.c:5520:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (path ? strlen(path) : 0) + (parms ? strlen(parms) : 0) data/alpine-2.24+dfsg1/pith/filter.c:5521:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (query ? strlen(query) : 0) + (frag ? strlen(frag ) : 0) + 8; data/alpine-2.24+dfsg1/pith/filter.c:5521:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (query ? strlen(query) : 0) + (frag ? strlen(frag ) : 0) + 8; data/alpine-2.24+dfsg1/pith/filter.c:5812:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, " ", sizeof(buf)); data/alpine-2.24+dfsg1/pith/filter.c:5830:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(buf, " ->", sizeof(buf)); data/alpine-2.24+dfsg1/pith/filter.c:7224:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len_name = strlen(el_name); data/alpine-2.24+dfsg1/pith/filter.c:7651:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((len = strlen(buf)) && buf[len-1] == '\n'){ data/alpine-2.24+dfsg1/pith/filter.c:8793:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). html_putc(f, (int) strlen(buf)); data/alpine-2.24+dfsg1/pith/filter.c:9079:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s[strlen(s)-1] == '\"') data/alpine-2.24+dfsg1/pith/filter.c:9080:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '>'; data/alpine-2.24+dfsg1/pith/filter.c:9082:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(s); data/alpine-2.24+dfsg1/pith/filter.c:9107:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imgfile, param->value, sizeof(imgfile)); data/alpine-2.24+dfsg1/pith/filter.c:9598:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(sbp) >= x) data/alpine-2.24+dfsg1/pith/filter.c:9605:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(sbp) >= RGBLEN) data/alpine-2.24+dfsg1/pith/filter.c:10536:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(WRAP_COLOR(f)->fg, s+1, RGBLEN); data/alpine-2.24+dfsg1/pith/filter.c:10552:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(WRAP_COLOR(f)->bg, s+1, RGBLEN); data/alpine-2.24+dfsg1/pith/filter.c:10614:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cb, color_to_asciirgb(ps_global->VAR_NORM_FORE_COLOR), sizeof(cb)); data/alpine-2.24+dfsg1/pith/filter.c:10621:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cb, color_to_asciirgb(ps_global->VAR_NORM_BACK_COLOR), sizeof(cb)); data/alpine-2.24+dfsg1/pith/filter.c:10658:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cbuf, data/alpine-2.24+dfsg1/pith/filter.c:10667:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cbuf, data/alpine-2.24+dfsg1/pith/filter.c:10704:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cb, color_to_asciirgb(WRAP_COLOR(f)->fg), sizeof(cb)); data/alpine-2.24+dfsg1/pith/filter.c:10714:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(cb, color_to_asciirgb(WRAP_COLOR(f)->bg), sizeof(cb)); data/alpine-2.24+dfsg1/pith/filter.c:10726:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GF_PUTC_GLO(f->next, (int) strlen(buf)); data/alpine-2.24+dfsg1/pith/filter.c:11418:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((*ins)->text = (char *) fs_get(n * sizeof(char)), s, n); data/alpine-2.24+dfsg1/pith/flag.c:210:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*slpp)->text.size = (unsigned long) strlen(FORWARDED_FLAG); data/alpine-2.24+dfsg1/pith/flag.c:304:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*slpp)->text.size = (unsigned long) strlen(FORWARDED_FLAG); data/alpine-2.24+dfsg1/pith/folder.c:121:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tmp, dir, sizeof(tmp)-1-strlen(tmp)); data/alpine-2.24+dfsg1/pith/folder.c:121:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tmp, dir, sizeof(tmp)-1-strlen(tmp)); data/alpine-2.24+dfsg1/pith/folder.c:301:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(file)+strlen("inbox"); data/alpine-2.24+dfsg1/pith/folder.c:301:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(file)+strlen("inbox"); data/alpine-2.24+dfsg1/pith/folder.c:330:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(parms.args.reference = reference, data/alpine-2.24+dfsg1/pith/folder.c:411:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(((EXISTDATA_S *)data)->args.reference)) data/alpine-2.24+dfsg1/pith/folder.c:413:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(((EXISTDATA_S *) data)->args.name)))){ data/alpine-2.24+dfsg1/pith/folder.c:417:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen(stream->mailbox) : 0) data/alpine-2.24+dfsg1/pith/folder.c:418:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(((EXISTDATA_S *) data)->args.reference) data/alpine-2.24+dfsg1/pith/folder.c:419:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(((EXISTDATA_S *) data)->args.name) data/alpine-2.24+dfsg1/pith/folder.c:420:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(mailbox)) * sizeof(char); data/alpine-2.24+dfsg1/pith/folder.c:435:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*((EXISTDATA_S *) data)->fullname, data/alpine-2.24+dfsg1/pith/folder.c:442:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, mailbox, alloclen-(p-(*((EXISTDATA_S *) data)->fullname))); data/alpine-2.24+dfsg1/pith/folder.c:496:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, cntxt->context, data/alpine-2.24+dfsg1/pith/folder.c:499:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[MIN((p - cntxt->context) + 1, sizeof(tmp)/2)], data/alpine-2.24+dfsg1/pith/folder.c:500:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name, sizeof(tmp)/2-strlen(tmp)); data/alpine-2.24+dfsg1/pith/folder.c:508:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, name, MIN(p - name, MAILTMPLEN)); data/alpine-2.24+dfsg1/pith/folder.c:675:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f->name_len = strlen(f->nickname); data/alpine-2.24+dfsg1/pith/folder.c:748:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
f->name_len = strlen(f->nickname); data/alpine-2.24+dfsg1/pith/folder.c:811:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(view)+2; data/alpine-2.24+dfsg1/pith/folder.c:1004:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(response.args.reference = reference, data/alpine-2.24+dfsg1/pith/folder.c:1165:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fullname, ld->args.reference, sizeof(fullname)-1); data/alpine-2.24+dfsg1/pith/folder.c:1171:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fullname, mailbox, sizeof(fullname)-strlen(fullname)-1); data/alpine-2.24+dfsg1/pith/folder.c:1171:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fullname, mailbox, sizeof(fullname)-strlen(fullname)-1); data/alpine-2.24+dfsg1/pith/folder.c:1431:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). boxlen = strlen(*mailbox); data/alpine-2.24+dfsg1/pith/folder.c:1432:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reflen = ref ? strlen(ref) : 0; data/alpine-2.24+dfsg1/pith/folder.c:1433:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
taillen = tail ? strlen(tail) : 0; data/alpine-2.24+dfsg1/pith/folder.c:1585:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncmp(fn, pat, strlen(pat))){ data/alpine-2.24+dfsg1/pith/folder.c:1594:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, fn, sizeof(tmp)-1); data/alpine-2.24+dfsg1/pith/folder.c:1616:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pat, fn, namelen-(pat-name)); data/alpine-2.24+dfsg1/pith/folder.c:1619:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name[i = strlen(name)] = context->dir->delim; data/alpine-2.24+dfsg1/pith/folder.c:1624:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pat, tmp, namelen-(pat-name)); data/alpine-2.24+dfsg1/pith/folder.c:1679:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(name); data/alpine-2.24+dfsg1/pith/folder.c:1683:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp->name, name, l); data/alpine-2.24+dfsg1/pith/help.c:66:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ourbuf, h_revision[0], sizeof(ourbuf)-1); data/alpine-2.24+dfsg1/pith/help.c:91:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, rev, MIN(p-rev, nbuf-1)); data/alpine-2.24+dfsg1/pith/help.c:111:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ourbuf, h_revision[0], sizeof(ourbuf)-1); data/alpine-2.24+dfsg1/pith/help.c:128:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, rev, MIN(p-rev, nbuf-1)); data/alpine-2.24+dfsg1/pith/help.c:318:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmjoarray[rmjolast].message, p, MIN(q-p,RMMSGLEN)); data/alpine-2.24+dfsg1/pith/help.c:321:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmjoarray[rmjolast].timestamp, debug_time(0,1,ps_global->signal_in_progress), RMTIMLEN); data/alpine-2.24+dfsg1/pith/help.c:339:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmloarray[rmlolast].message, p, MIN(q-p,RMMSGLEN)); data/alpine-2.24+dfsg1/pith/help.c:342:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmloarray[rmlolast].timestamp, debug_time(0,1,ps_global->signal_in_progress), RMTIMLEN); data/alpine-2.24+dfsg1/pith/help.c:360:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmhiarray[rmhilast].message, p, MIN(q-p,RMMSGLEN)); data/alpine-2.24+dfsg1/pith/help.c:363:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(rmhiarray[rmhilast].timestamp, debug_time(0,1,ps_global->signal_in_progress), RMTIMLEN); data/alpine-2.24+dfsg1/pith/help_c_gen.c:184:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(rawline); data/alpine-2.24+dfsg1/pith/help_c_gen.c:259:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/alpine-2.24+dfsg1/pith/help_c_gen.c:261:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new->name, name, len); data/alpine-2.24+dfsg1/pith/helpindx.c:87:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/alpine-2.24+dfsg1/pith/hist.c:106:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(history->hist[history->origindex]->str) < (l=strlen(savethis))) data/alpine-2.24+dfsg1/pith/hist.c:106:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(history->hist[history->origindex]->str) < (l=strlen(savethis))) data/alpine-2.24+dfsg1/pith/hist.c:109:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(history->hist[history->origindex]->str, savethis, l+1); data/alpine-2.24+dfsg1/pith/hist.c:170:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(history->hist[history->origindex]->str) < (l=strlen(savethis))) data/alpine-2.24+dfsg1/pith/hist.c:170:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(history->hist[history->origindex]->str) < (l=strlen(savethis))) data/alpine-2.24+dfsg1/pith/hist.c:173:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(history->hist[history->origindex]->str, savethis, l+1); data/alpine-2.24+dfsg1/pith/icache.c:376:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). head->datalen = strlen(head->data); data/alpine-2.24+dfsg1/pith/icache.c:382:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). head->freeprintf = strlen(head->print_format) + 1; data/alpine-2.24+dfsg1/pith/ical.c:243:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = rfc822_qprint ((unsigned char *) text,strlen(text),&callen); data/alpine-2.24+dfsg1/pith/ical.c:245:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  tlen = strlen(text) + 1;
data/alpine-2.24+dfsg1/pith/ical.c:246:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, (char *) t, tlen);
data/alpine-2.24+dfsg1/pith/ical.c:271:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tlen = strlen(*textp) + 1; /* and record its size */
data/alpine-2.24+dfsg1/pith/ical.c:300:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*textp, t, tlen); /* overwrite given text with filtered text */
data/alpine-2.24+dfsg1/pith/ical.c:311:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(piece, text, 49);
data/alpine-2.24+dfsg1/pith/ical.c:785:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(*text, token, strlen(token))){
data/alpine-2.24+dfsg1/pith/ical.c:1347:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  token = fs_get(strlen(ical->comp) + 2 + 1);
data/alpine-2.24+dfsg1/pith/ical.c:1388:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(s, token, strlen(token))){
data/alpine-2.24+dfsg1/pith/ical.c:1389:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *text = s + strlen(token);
data/alpine-2.24+dfsg1/pith/ical.c:1461:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(name);
data/alpine-2.24+dfsg1/pith/ical.c:1553:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(t);
data/alpine-2.24+dfsg1/pith/ical.c:1891:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(icl->value[strlen(icl->value)-1] == 'Z')
data/alpine-2.24+dfsg1/pith/ical.c:2277:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Error while parsing event date"), sizeof(tmp));
data/alpine-2.24+dfsg1/pith/ical.c:2284:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(tmp) + 1;
data/alpine-2.24+dfsg1/pith/ical.c:2287:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tzid) + 3; /* 3 = strlen(" ()") */
data/alpine-2.24+dfsg1/pith/ical.c:2314:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2314:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2317:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2317:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2320:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2320:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2323:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2323:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2326:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2326:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8_snprintf(tmp+strlen(tmp), MAILTMPLEN - strlen(tmp),
data/alpine-2.24+dfsg1/pith/ical.c:2365:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Error while parsing event date"), sizeof(tmp));
data/alpine-2.24+dfsg1/pith/ical.c:2372:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(tmp) + 1;
data/alpine-2.24+dfsg1/pith/ical.c:2375:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tzid) + 3; /* 3 = strlen(" ()") */
data/alpine-2.24+dfsg1/pith/ical.c:2413:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp, _("Error while parsing event date"), sizeof(tmp));
data/alpine-2.24+dfsg1/pith/ical.c:2419:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(tmp) + 1;
data/alpine-2.24+dfsg1/pith/ical.c:2422:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tzid) + 3; /* 3 = strlen(" ()") */
data/alpine-2.24+dfsg1/pith/ical.c:2479:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(icl->value && !struncmp(icl->value, "MAILTO:", strlen("MAILTO:")))
data/alpine-2.24+dfsg1/pith/imap.c:559:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(p) > 63000){
data/alpine-2.24+dfsg1/pith/imap.c:919:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = authtype ? strlen(authtype) : 0;
data/alpine-2.24+dfsg1/pith/imap.c:1001:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = authtype ? strlen(authtype) : 0;
data/alpine-2.24+dfsg1/pith/imap.c:1040:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authlen = authtype ? strlen(authtype) : 0;
data/alpine-2.24+dfsg1/pith/imap.c:1062:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(passwd);
data/alpine-2.24+dfsg1/pith/imap.c:1068:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*l)->passwd, passwd, len+1);
data/alpine-2.24+dfsg1/pith/imap.c:1074:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*l)->user = fs_get(strlen(user) + authlen + offset + 1);
data/alpine-2.24+dfsg1/pith/imap.c:1183:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, ps_global->passfile, len-1);
data/alpine-2.24+dfsg1/pith/init.c:138:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps->home_dir) + strlen(ps->VAR_MAIL_DIRECTORY)+2 > MAXPATH){
data/alpine-2.24+dfsg1/pith/init.c:138:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps->home_dir) + strlen(ps->VAR_MAIL_DIRECTORY)+2 > MAXPATH){
data/alpine-2.24+dfsg1/pith/init.c:146:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fld_dir, ps->VAR_MAIL_DIRECTORY, sizeof(fld_dir)-1);
data/alpine-2.24+dfsg1/pith/init.c:268:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp_20k_buf,
data/alpine-2.24+dfsg1/pith/init.c:369:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((folder_base_len = strlen(folder_base)) == 0 || !list_cntxt){
data/alpine-2.24+dfsg1/pith/init.c:378:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  folder_base_len = strlen(searchname) - 1;
data/alpine-2.24+dfsg1/pith/init.c:519:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(spath, oldpath, sizeof(spath)-1);
data/alpine-2.24+dfsg1/pith/init.c:553:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t snl = strlen(sname);
data/alpine-2.24+dfsg1/pith/init.c:555:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sbuf, sname, len-1);
data/alpine-2.24+dfsg1/pith/init.c:560:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps_global->VAR_OPER_DIR) + snl < len - 1)
data/alpine-2.24+dfsg1/pith/init.c:563:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(strlen(ps_global->home_dir) + snl < len - 1)
data/alpine-2.24+dfsg1/pith/init.c:645:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(h->dir) + strlen(ps_global->html_dir) + 3 < MAXPATH){
data/alpine-2.24+dfsg1/pith/init.c:645:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(h->dir) + strlen(ps_global->html_dir) + 3 < MAXPATH){
data/alpine-2.24+dfsg1/pith/init.c:654:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf, sizeof(buf), "%s%s*.*", ps_global->html_dir, (ps_global->html_dir[strlen(ps_global->html_dir)-1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/init.c:663:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(h->dir) + strlen(fname) + 3 < MAXPATH){
data/alpine-2.24+dfsg1/pith/init.c:663:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(h->dir) + strlen(fname) + 3 < MAXPATH){
data/alpine-2.24+dfsg1/pith/keyword.c:268:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen("\\DELETED") + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:271:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen("\\ANSWERED") + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:274:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(FORWARDED_FLAG) + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:277:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen("\\FLAGGED") + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:280:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen("\\SEEN") + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:286:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(q) + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:318:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(p) + 1;
data/alpine-2.24+dfsg1/pith/keyword.c:350:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->message_id->text.size = strlen(message_id);
data/alpine-2.24+dfsg1/pith/ldap.c:505:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strncmp(tls_conf, SMIME_SSLCERTS, strlen(SMIME_SSLCERTS)))
data/alpine-2.24+dfsg1/pith/ldap.c:533:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf + strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/pith/ldap.c:534:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SIZEOF_20KBUF - strlen(tmp_20k_buf), "%s://%s",
data/alpine-2.24+dfsg1/pith/ldap.c:537:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf + strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/pith/ldap.c:538:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SIZEOF_20KBUF - strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/pith/ldap.c:544:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp_20k_buf + strlen(tmp_20k_buf),
data/alpine-2.24+dfsg1/pith/ldap.c:545:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SIZEOF_20KBUF - strlen(tmp_20k_buf), "%s", " ");
data/alpine-2.24+dfsg1/pith/ldap.c:661:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  passwd.bv_len = strlen(pwd);
data/alpine-2.24+dfsg1/pith/ldap.c:741:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filt_template, info->cust, sizeof(filt_template));
data/alpine-2.24+dfsg1/pith/ldap.c:834:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(filt_format) + strlen(cust->filt) + 3;
data/alpine-2.24+dfsg1/pith/ldap.c:834:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(filt_format) + strlen(cust->filt) + 3;
data/alpine-2.24+dfsg1/pith/ldap.c:837:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filt_format, combined, sizeof(filt_format));
data/alpine-2.24+dfsg1/pith/ldap.c:849:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(scp, string, sizeof(scp));
data/alpine-2.24+dfsg1/pith/ldap.c:865:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(scp);
data/alpine-2.24+dfsg1/pith/ldap.c:866:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flen = strlen(filt_format);
data/alpine-2.24+dfsg1/pith/ldap.c:1256:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(orig);
data/alpine-2.24+dfsg1/pith/mailcap.c:112:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_20k_buf+1000, ps_global->pinerc, MIN(s - ps_global->pinerc,SIZEOF_20KBUF-1000));
data/alpine-2.24+dfsg1/pith/mailcap.c:116:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(tmp_20k_buf+1000, ".\\", SIZEOF_20KBUF-1000);
data/alpine-2.24+dfsg1/pith/mailcap.c:233:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy(filebuf, file, MAXPATH);
data/alpine-2.24+dfsg1/pith/mailcap.c:588:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(e2b.from.ext) < sizeof(tmp_ext) - 2){
data/alpine-2.24+dfsg1/pith/mailcap.c:589:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ext = tmp_ext, e2b.from.ext - 1, sizeof(tmp_ext)); /* remember it */
data/alpine-2.24+dfsg1/pith/mailcap.c:593:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(subtype = tmp_subtype, e2b.to.mime.subtype,
data/alpine-2.24+dfsg1/pith/mailcap.c:649:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(type_name);
data/alpine-2.24+dfsg1/pith/mailcmd.c:193:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(prompt, rv, sizeof(prompt) - strlen(prompt)- 1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:193:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(prompt, rv, sizeof(prompt) - strlen(prompt)- 1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:553:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(expanded_file, newfolder, sizeof(expanded_file));
data/alpine-2.24+dfsg1/pith/mailcmd.c:558:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(expanded_file, p, sizeof(expanded_file));
data/alpine-2.24+dfsg1/pith/mailcmd.c:665:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->cur_folder, p, sizeof(ps_global->cur_folder)-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:758:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(status_msg, pretty_fn(fname ? (char *) fname : newfolder),
data/alpine-2.24+dfsg1/pith/mailcmd.c:759:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(status_msg)-strlen(status_msg) - 2);
data/alpine-2.24+dfsg1/pith/mailcmd.c:762:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(status_msg, "\"", sizeof(status_msg)-strlen(status_msg) - 1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:762:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(status_msg, "\"", sizeof(status_msg)-strlen(status_msg) - 1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:835:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->cur_folder, p,
data/alpine-2.24+dfsg1/pith/mailcmd.c:976:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->cur_folder,
data/alpine-2.24+dfsg1/pith/mailcmd.c:1312:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp_filename, filename, sizeof(temp_filename)-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:1315:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, ps_global->VAR_INBOX_PATH == NULL ? "inbox" :
data/alpine-2.24+dfsg1/pith/mailcmd.c:1319:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, temp_filename, len-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:1325:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, temp_filename, len-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:1336:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, temp_filename, len-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:1339:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, temp_filename, len-1);
data/alpine-2.24+dfsg1/pith/mailcmd.c:1402:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ing, "ed", sizeof(ing));
data/alpine-2.24+dfsg1/pith/mailcmd.c:1404:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ing, "ing", sizeof(ing));
data/alpine-2.24+dfsg1/pith/mailcmd.c:1760:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(bufp = buf + 1, "Moved", MIN(5,buflen)); /* change Moving to Moved */
data/alpine-2.24+dfsg1/pith/mailcmd.c:1844:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(newfolder, stream->mailbox, sizeof(newfolder));
data/alpine-2.24+dfsg1/pith/mailcmd.c:1854:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(newgrp, "[]", sizeof(newfolder)-(newgrp-newfolder));
data/alpine-2.24+dfsg1/pith/mailcmd.c:1893:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(newgrp, group, sizeof(newfolder)-(newgrp-newfolder));
data/alpine-2.24+dfsg1/pith/mailcmd.c:2348:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->x_gm_ext1->text.size = strlen(namehdr);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2360:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->to->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2364:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  secondpgm->cc->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2370:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->or->first->to->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2373:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->or->second->cc->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2383:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->to->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2387:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  secondpgm->cc->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2391:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  thirdpgm->from->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2397:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->or->first->to->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2403:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->or->second->or->first->cc->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2407:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->or->second->or->second->from->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2415:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->from->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2421:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->cc->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2427:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->to->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2433:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->subject->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2439:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->text->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2445:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pgm->body->text.size = strlen(sstring);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2701:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*slpp)->text.size = (unsigned long) strlen(FORWARDED_FLAG);
data/alpine-2.24+dfsg1/pith/mailcmd.c:2748:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = strlen(mailbox) - 1;
data/alpine-2.24+dfsg1/pith/mailindx.c:711:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(pt->name); data/alpine-2.24+dfsg1/pith/mailindx.c:773:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(pt->name); data/alpine-2.24+dfsg1/pith/mailindx.c:1504:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[0] ? strlen(buf) : 0)); data/alpine-2.24+dfsg1/pith/mailindx.c:1521:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[0] ? strlen(buf) : 0)); data/alpine-2.24+dfsg1/pith/mailindx.c:2406:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(str); data/alpine-2.24+dfsg1/pith/mailindx.c:2539:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp_20k_buf, name, SIZEOF_20KBUF-1); data/alpine-2.24+dfsg1/pith/mailindx.c:2817:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, first_text, BIGWIDTH); data/alpine-2.24+dfsg1/pith/mailindx.c:2834:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, newsgroups, BIGWIDTH); data/alpine-2.24+dfsg1/pith/mailindx.c:2842:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(str, newsgroups, sizeof(str)); data/alpine-2.24+dfsg1/pith/mailindx.c:2844:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = strlen(str)) < sizeof(str)){ data/alpine-2.24+dfsg1/pith/mailindx.c:2846:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, "...", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2849:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, " and ", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2866:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = strlen(str)) < sizeof(str) && data/alpine-2.24+dfsg1/pith/mailindx.c:2869:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, "...", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2872:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, " and ", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2875:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(str+l+5, newsgroups, BIGWIDTH-l-5); data/alpine-2.24+dfsg1/pith/mailindx.c:2877:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, newsgroups, BIGWIDTH); data/alpine-2.24+dfsg1/pith/mailindx.c:2885:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, newsgroups, BIGWIDTH); data/alpine-2.24+dfsg1/pith/mailindx.c:2887:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = strlen(str)) < BIGWIDTH){ data/alpine-2.24+dfsg1/pith/mailindx.c:2889:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, "...", BIGWIDTH-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2903:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, " and ", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2936:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = strlen(str)) < BIGWIDTH && data/alpine-2.24+dfsg1/pith/mailindx.c:2939:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str+l, "...", BIGWIDTH-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2942:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(str+l, " and ", sizeof(str)-l); data/alpine-2.24+dfsg1/pith/mailindx.c:2945:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str+l+5, newsgroups, BIGWIDTH-l-5); data/alpine-2.24+dfsg1/pith/mailindx.c:2947:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, newsgroups, BIGWIDTH); data/alpine-2.24+dfsg1/pith/mailindx.c:2964:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, (cdesc->hdrtok && cdesc->hdrtok->hdrname) ? cdesc->hdrtok->hdrname : "", sizeof(str)); data/alpine-2.24+dfsg1/pith/mailindx.c:2988:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(str); data/alpine-2.24+dfsg1/pith/mailindx.c:3179:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(p); data/alpine-2.24+dfsg1/pith/mailindx.c:3192:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p) < 6 && (sizeof(buffer)) > 6){ data/alpine-2.24+dfsg1/pith/mailindx.c:3195:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(q = p + strlen(p); q < p + 6; q++) data/alpine-2.24+dfsg1/pith/mailindx.c:3230:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bigthread_adjust = MAX(0, strlen(tcnt) - 3); data/alpine-2.24+dfsg1/pith/mailindx.c:3238:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(tcnt) > subj_width) data/alpine-2.24+dfsg1/pith/mailindx.c:3253:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(from); data/alpine-2.24+dfsg1/pith/mailindx.c:3269:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(tcnt); data/alpine-2.24+dfsg1/pith/mailindx.c:3274:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subj_width -= strlen(tcnt); data/alpine-2.24+dfsg1/pith/mailindx.c:3299:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(buffer); data/alpine-2.24+dfsg1/pith/mailindx.c:3317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(p); data/alpine-2.24+dfsg1/pith/mailindx.c:3859:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/alpine-2.24+dfsg1/pith/mailindx.c:3945:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(h) < strlen(hdrname) + 1){ data/alpine-2.24+dfsg1/pith/mailindx.c:3945:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) < strlen(hdrname) + 1){ data/alpine-2.24+dfsg1/pith/mailindx.c:3951:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(p = h + strlen(hdrname) + 1; data/alpine-2.24+dfsg1/pith/mailindx.c:3955:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decsize = (4 * strlen(p)) + 1; data/alpine-2.24+dfsg1/pith/mailindx.c:3960:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retsize = strlen(decoded); data/alpine-2.24+dfsg1/pith/mailindx.c:4068:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) < strlen(field) + 1){ data/alpine-2.24+dfsg1/pith/mailindx.c:4068:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(h) < strlen(field) + 1){ data/alpine-2.24+dfsg1/pith/mailindx.c:4069:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = h + strlen(h); data/alpine-2.24+dfsg1/pith/mailindx.c:4073:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for(p = h + strlen(field) + 1; data/alpine-2.24+dfsg1/pith/mailindx.c:4122:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = prefix ? strlen(prefix) : 0) != 0) data/alpine-2.24+dfsg1/pith/mailindx.c:4123:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, prefix, width+1); data/alpine-2.24+dfsg1/pith/mailindx.c:4150:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((l = prefix ? strlen(prefix) : 0) != 0) data/alpine-2.24+dfsg1/pith/mailindx.c:4151:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, prefix, width+1); data/alpine-2.24+dfsg1/pith/mailindx.c:4396:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monabb, (d.month > 0 && d.month < 13) data/alpine-2.24+dfsg1/pith/mailindx.c:4400:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mon, (d.month > 0 && d.month < 13) data/alpine-2.24+dfsg1/pith/mailindx.c:4404:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(day, (d.day > 0 && d.day < 32) data/alpine-2.24+dfsg1/pith/mailindx.c:4408:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dayord, data/alpine-2.24+dfsg1/pith/mailindx.c:4416:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(year4, (d.year >= 1000 && d.year < 10000) data/alpine-2.24+dfsg1/pith/mailindx.c:4423:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(yearzero+1, int2string(d.year % 100), sizeof(yearzero)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4426:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(yearzero, int2string(d.year % 100), sizeof(yearzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4429:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(yearzero, "??", sizeof(yearzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4435:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monzero+1, int2string(d.month), sizeof(monzero)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4438:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monzero, int2string(d.month), sizeof(monzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4440:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(monzero, "??", sizeof(monzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4446:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dayzero+1, int2string(d.day), sizeof(dayzero)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4449:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dayzero, int2string(d.day), sizeof(dayzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4451:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dayzero, "??", sizeof(dayzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4459:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hour12, int2string(hr12), sizeof(hour12)); data/alpine-2.24+dfsg1/pith/mailindx.c:4466:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hour24+1, int2string(d.hour), sizeof(hour24)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4469:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hour24, int2string(d.hour), sizeof(hour24)); data/alpine-2.24+dfsg1/pith/mailindx.c:4476:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(minzero+1, int2string(d.minute), sizeof(minzero)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4479:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(minzero, int2string(d.minute), sizeof(minzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4495:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(timezone+2, int2string(d.hours_off_gmt), sizeof(timezone)-2); data/alpine-2.24+dfsg1/pith/mailindx.c:4498:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(timezone+1, int2string(d.hours_off_gmt), sizeof(timezone)-1); data/alpine-2.24+dfsg1/pith/mailindx.c:4507:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(timezone+4, int2string(d.min_off_gmt), sizeof(timezone)-4); data/alpine-2.24+dfsg1/pith/mailindx.c:4510:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(timezone+3, int2string(d.min_off_gmt), sizeof(timezone)-3); data/alpine-2.24+dfsg1/pith/mailindx.c:4532:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, (d.wkday >= 0 && d.wkday <= 6) ? day_abbrev_locale(d.wkday) : "", str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4537:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, (d.wkday >= 0 && d.wkday <= 6) ? day_name_locale(d.wkday) : "", str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4544:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, year4, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4548:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, dayzero, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4553:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, monzero, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4559:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(str, yearzero, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4562:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, timezone, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4566:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, day, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4575:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, int2string(d.month), str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4581:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, monabb, str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4586:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, (d.month > 0 && d.month < 13) data/alpine-2.24+dfsg1/pith/mailindx.c:4731:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, _(TODAYSTR), str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4733:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(str, _("Yesterday"), str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4737:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(str, _("Tomorrow"), str_len); data/alpine-2.24+dfsg1/pith/mailindx.c:4892:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hour12, "??", sizeof(hour12)); data/alpine-2.24+dfsg1/pith/mailindx.c:4895:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hour24, "??", sizeof(hour24)); data/alpine-2.24+dfsg1/pith/mailindx.c:4905:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(minzero, "??", sizeof(minzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4923:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monabb, (d.month >= 1 && d.month <= 12) data/alpine-2.24+dfsg1/pith/mailindx.c:4930:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dayzero, "??", sizeof(dayzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4937:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(yearzero, "??", sizeof(yearzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:4946:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(str, str + 1, strlen(str)); data/alpine-2.24+dfsg1/pith/mailindx.c:4992:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hour12, "??", sizeof(hour12)); data/alpine-2.24+dfsg1/pith/mailindx.c:4995:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hour24, "??", sizeof(hour24)); data/alpine-2.24+dfsg1/pith/mailindx.c:5012:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(minzero, "??", sizeof(minzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:5019:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monabb, (d.month >= 1 && d.month <= 12) data/alpine-2.24+dfsg1/pith/mailindx.c:5026:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dayzero, "??", sizeof(dayzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:5033:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(monabb, (d.month >= 1 && d.month <= 12) data/alpine-2.24+dfsg1/pith/mailindx.c:5040:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dayzero, "??", sizeof(dayzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:5047:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy(yearzero, "??", sizeof(yearzero)); data/alpine-2.24+dfsg1/pith/mailindx.c:5056:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(str, str + 1, strlen(str)); data/alpine-2.24+dfsg1/pith/mailindx.c:5111:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remaining_octets = strlen(word); data/alpine-2.24+dfsg1/pith/mailindx.c:5119:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ielem->data, word, ielem->datalen); data/alpine-2.24+dfsg1/pith/mailindx.c:5158:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(word); data/alpine-2.24+dfsg1/pith/mailindx.c:5271:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(ielem->data); data/alpine-2.24+dfsg1/pith/mailindx.c:5321:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(fieldval); data/alpine-2.24+dfsg1/pith/mailindx.c:5480:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(sp); data/alpine-2.24+dfsg1/pith/mailindx.c:5523:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
subjielem->datalen = strlen(subject); data/alpine-2.24+dfsg1/pith/mailindx.c:5805:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sptr, subject, strsize-1); data/alpine-2.24+dfsg1/pith/mailindx.c:5833:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(origstr); data/alpine-2.24+dfsg1/pith/mailindx.c:5842:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, subject, strsize-1); data/alpine-2.24+dfsg1/pith/mailindx.c:5876:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sep, ps_global->VAR_OPENING_SEP ? ps_global->VAR_OPENING_SEP : " - ", data/alpine-2.24+dfsg1/pith/mailindx.c:5880:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(sep); data/alpine-2.24+dfsg1/pith/mailindx.c:5885:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(first_text) + seplen; data/alpine-2.24+dfsg1/pith/mailindx.c:5888:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ftielem->data, sep, seplen); data/alpine-2.24+dfsg1/pith/mailindx.c:5889:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(ftielem->data+seplen, first_text, len+1-seplen); data/alpine-2.24+dfsg1/pith/mailindx.c:5892:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ftielem->datalen = strlen(ftielem->data); data/alpine-2.24+dfsg1/pith/mailindx.c:5981:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (left_brace ? strlen(left_brace) : 0) + data/alpine-2.24+dfsg1/pith/mailindx.c:5982:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (right_brace ? strlen(right_brace) : 0); data/alpine-2.24+dfsg1/pith/mailindx.c:5992:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(str); data/alpine-2.24+dfsg1/pith/mailindx.c:6002:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remaining_octets = strlen(str); data/alpine-2.24+dfsg1/pith/mailindx.c:6016:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(subject); /* subject is already UTF-8 if needed */ data/alpine-2.24+dfsg1/pith/mailindx.c:6036:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ielem->datalen = strlen(next_piece); data/alpine-2.24+dfsg1/pith/mailindx.c:6049:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remaining_octets = strlen(str); data/alpine-2.24+dfsg1/pith/mailindx.c:6065:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(next_piece); data/alpine-2.24+dfsg1/pith/mailindx.c:6092:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(next_piece); data/alpine-2.24+dfsg1/pith/mailindx.c:6114:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(next_piece); data/alpine-2.24+dfsg1/pith/mailindx.c:6129:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(next_piece); data/alpine-2.24+dfsg1/pith/mailindx.c:6148:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ielem->datalen = strlen(subject); data/alpine-2.24+dfsg1/pith/mailindx.c:6295:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(fptr, "To: ", strsize-1); data/alpine-2.24+dfsg1/pith/mailindx.c:6342:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(mb); data/alpine-2.24+dfsg1/pith/maillist.c:128:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(rfc2369_fields[ifield].name)) data/alpine-2.24+dfsg1/pith/maillist.c:176:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && url == h && l == strlen(h)){ data/alpine-2.24+dfsg1/pith/mailview.c:444:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (*pc)(strlen(buf)) && gf_puts(buf, pc))) data/alpine-2.24+dfsg1/pith/mailview.c:527:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). caltext = rfc822_base64(rawtext, strlen(rawtext), &callen); data/alpine-2.24+dfsg1/pith/mailview.c:537:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). caltext = rfc822_qprint ((unsigned char *) rawtext,strlen(rawtext),&callen); data/alpine-2.24+dfsg1/pith/mailview.c:595:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
gf_set_readc(&gc, text2, (unsigned long)strlen(text2), CharStar, 0); data/alpine-2.24+dfsg1/pith/mailview.c:1094:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (*pc)(strlen(buf)) && gf_puts(buf, pc))) data/alpine-2.24+dfsg1/pith/mailview.c:1250:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fbuf, fieldname, MIN(colon-fieldname,sizeof(fbuf))); data/alpine-2.24+dfsg1/pith/mailview.c:1315:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpfield, field, sizeof(tmpfield)-2); data/alpine-2.24+dfsg1/pith/mailview.c:1317:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(tmpfield, ":", sizeof(tmpfield)-strlen(tmpfield)-1); data/alpine-2.24+dfsg1/pith/mailview.c:1317:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(tmpfield, ":", sizeof(tmpfield)-strlen(tmpfield)-1); data/alpine-2.24+dfsg1/pith/mailview.c:1399:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(colorstring + (*len), url_embed(TAG_BOLDON), MIN(3,buflen-(*len))); data/alpine-2.24+dfsg1/pith/mailview.c:1436:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(colorstring, url_embed(TAG_BOLDOFF), MIN(3,buflen)); data/alpine-2.24+dfsg1/pith/mailview.c:1504:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fg, color_to_asciirgb(VAR_NORM_FORE_COLOR), sizeof(fg)); data/alpine-2.24+dfsg1/pith/mailview.c:1506:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bg, color_to_asciirgb(VAR_NORM_BACK_COLOR), sizeof(bg)); data/alpine-2.24+dfsg1/pith/mailview.c:1553:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:1586:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(field, line, MIN(value-line, sizeof(field)-1)); data/alpine-2.24+dfsg1/pith/mailview.c:1592:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fg, color_to_asciirgb(VAR_HEADER_GENERAL_FORE_COLOR), sizeof(fg)); data/alpine-2.24+dfsg1/pith/mailview.c:1594:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bg, color_to_asciirgb(VAR_HEADER_GENERAL_BACK_COLOR), sizeof(bg)); data/alpine-2.24+dfsg1/pith/mailview.c:1618:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fg, color_to_asciirgb(color->fg), sizeof(fg)); data/alpine-2.24+dfsg1/pith/mailview.c:1620:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(bg, color_to_asciirgb(color->bg), sizeof(bg)); data/alpine-2.24+dfsg1/pith/mailview.c:1780:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:1839:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:1914:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[2] = strlen(&buf[3]); data/alpine-2.24+dfsg1/pith/mailview.c:2025:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wid += width_at_this_position((unsigned char *) p, strlen(p)); data/alpine-2.24+dfsg1/pith/mailview.c:2032:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:2036:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ins = gf_line_test_new_ins(ins, line+strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:2038:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ins = gf_line_test_new_ins(ins, line + strlen(line), data/alpine-2.24+dfsg1/pith/mailview.c:2061:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p) == len && !struncmp(p, url, len)) data/alpine-2.24+dfsg1/pith/mailview.c:2078:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&list[i * UES_LEN], p, MIN(n, sizeof(list)-(i * UES_LEN))); data/alpine-2.24+dfsg1/pith/mailview.c:2089:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p) <= UES_LEN){ data/alpine-2.24+dfsg1/pith/mailview.c:2090:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&list[i * UES_LEN], p, sizeof(list)-(i * UES_LEN)); data/alpine-2.24+dfsg1/pith/mailview.c:2133:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = &url[strlen(url)-1]; /* assume only iserver */ data/alpine-2.24+dfsg1/pith/mailview.c:2180:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(server) + strlen(criteria) + 10 + (user ? (strlen(user)+2) : 9); data/alpine-2.24+dfsg1/pith/mailview.c:2180:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(server) + strlen(criteria) + 10 + (user ? 
(strlen(user)+2) : 9); data/alpine-2.24+dfsg1/pith/mailview.c:2180:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(server) + strlen(criteria) + 10 + (user ? (strlen(user)+2) : 9); data/alpine-2.24+dfsg1/pith/mailview.c:2247:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(server) + 8 + (mailbox ? strlen(mailbox) : 0) data/alpine-2.24+dfsg1/pith/mailview.c:2247:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(server) + 8 + (mailbox ? strlen(mailbox) : 0) data/alpine-2.24+dfsg1/pith/mailview.c:2248:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (user ? (strlen(user)+2) : 9); data/alpine-2.24+dfsg1/pith/mailview.c:2421:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, start, MIN(colon_loc-start, sizeof(tmp)-1)); data/alpine-2.24+dfsg1/pith/mailview.c:2577:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). column = MAX(column-strlen(prefix), 50); data/alpine-2.24+dfsg1/pith/mailview.c:2845:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fbuf, fieldname, MIN(colon-fieldname,FBUF_LEN)); data/alpine-2.24+dfsg1/pith/mailview.c:2888:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(fbuf, fieldname, MIN(colon-fieldname,FBUF_LEN)); data/alpine-2.24+dfsg1/pith/mailview.c:3148:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(field_name); data/alpine-2.24+dfsg1/pith/mailview.c:3151:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, newsgrps, MIN(next_ng - newsgrps, sizeof(buf)-1)); data/alpine-2.24+dfsg1/pith/mailview.c:3156:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alen = strlen(buf); data/alpine-2.24+dfsg1/pith/mailview.c:3308:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(p->attribute && (n = strlen(p->attribute)) > longest) data/alpine-2.24+dfsg1/pith/mailview.c:3319:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/alpine-2.24+dfsg1/pith/mailview.c:3337:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/alpine-2.24+dfsg1/pith/mailview.c:3418:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match = m = fs_get(strlen(h) + strlen(p) + 1); data/alpine-2.24+dfsg1/pith/mailview.c:3418:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
match = m = fs_get(strlen(h) + strlen(p) + 1); data/alpine-2.24+dfsg1/pith/mailview.c:3554:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(colorstring + (*len), url_embed(TAG_BOLDON), MIN(3,buflen-(*len))); data/alpine-2.24+dfsg1/pith/mailview.c:3597:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(colorstring, url_embed(TAG_BOLDOFF), MIN(3,buflen)); data/alpine-2.24+dfsg1/pith/margin.c:63:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, ps_global->VAR_VIEW_MARGIN_LEFT, sizeof(tmp)-1); data/alpine-2.24+dfsg1/pith/margin.c:67:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(tmp); data/alpine-2.24+dfsg1/pith/margin.c:90:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, ps_global->VAR_VIEW_MARGIN_RIGHT, sizeof(tmp)-1); data/alpine-2.24+dfsg1/pith/margin.c:94:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(tmp); data/alpine-2.24+dfsg1/pith/mimedesc.c:122:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix[n = strlen(prefix) - 1] = '\0'; data/alpine-2.24+dfsg1/pith/mimedesc.c:138:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
prefix[n = strlen(prefix) - 1] = '\0'; data/alpine-2.24+dfsg1/pith/mimedesc.c:157:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix[n = strlen(prefix) - 1] = '\0'; data/alpine-2.24+dfsg1/pith/mimedesc.c:278:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ll = (strlen(prefix) + 16) * sizeof(char); data/alpine-2.24+dfsg1/pith/mimedesc.c:383:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sender_filename, filename, sfsize-1); data/alpine-2.24+dfsg1/pith/mimedesc.c:455:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(body_type, /* copy the given type */ data/alpine-2.24+dfsg1/pith/mimedesc.c:632:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p = string, byte_string((3 * b->size.bytes) / 4), stringlen-(string-origstring)); data/alpine-2.24+dfsg1/pith/mimedesc.c:648:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p = string, byte_string(b->size.bytes), stringlen-(string-origstring)); data/alpine-2.24+dfsg1/pith/mimedesc.c:662:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, tmp, stringlen-(p-origstring)); data/alpine-2.24+dfsg1/pith/mimedesc.c:796:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
t = &tmp_20k_buf[strlen(tmp_20k_buf)]; data/alpine-2.24+dfsg1/pith/mimetype.c:353:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (try_extension) <= MT_MAX_FILE_EXTENSION) { data/alpine-2.24+dfsg1/pith/mimetype.c:354:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (t2e->to.ext, try_extension, 32); data/alpine-2.24+dfsg1/pith/newmail.c:726:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *f = fs_get((strlen(fname) + 1)*sizeof(char)); data/alpine-2.24+dfsg1/pith/newmail.c:728:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). utf8_to_width_rhs(f, fname, strlen(fname) + 1, newfl-3); data/alpine-2.24+dfsg1/pith/news.c:51:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(!struncmp(mailbox + 1, namespace, strlen(namespace))); data/alpine-2.24+dfsg1/pith/news.c:157:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((*ntmpp)->groupname, name, end - name); data/alpine-2.24+dfsg1/pith/news.c:297:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
expanded_len += strlen(ntmp->groupname) + 2; data/alpine-2.24+dfsg1/pith/news.c:313:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ep = ng_error + strlen(ng_error); data/alpine-2.24+dfsg1/pith/news.c:331:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(ep, ", ", sizeof(ng_error)-(ep-ng_error)); data/alpine-2.24+dfsg1/pith/osdep/bldpath.c:66:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pathbuf, second_part, len-1); data/alpine-2.24+dfsg1/pith/osdep/bldpath.c:96:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pathbuf, first_part, len-2); data/alpine-2.24+dfsg1/pith/osdep/bldpath.c:99:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(*pathbuf && pathbuf[(fpl=strlen(pathbuf))-1] != '/'){ data/alpine-2.24+dfsg1/pith/osdep/bldpath.c:104:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(pathbuf, second_part, len-1-strlen(pathbuf)); data/alpine-2.24+dfsg1/pith/osdep/bldpath.c:104:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(pathbuf, second_part, len-1-strlen(pathbuf)); data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:79:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(testname, file, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:81:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(testname[0] && testname[(l=strlen(testname))-1] != '\\' && data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:84:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(testname, "\\", MAXPATH-strlen(testname)-1); data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:84:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(testname, "\\", MAXPATH-strlen(testname)-1); data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:89:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(testname, "caXXXXXX", MAXPATH-strlen(testname)-1) && mktemp(testname)){ data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:89:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(testname, "caXXXXXX", MAXPATH-strlen(testname)-1) && mktemp(testname)){ data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:137:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, file, sizeof(tmp)); data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:144:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(path) < MAXPATH){ data/alpine-2.24+dfsg1/pith/osdep/canaccess.c:145:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path_copy, path, sizeof(path_copy)); data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:55:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (host[0] == '[' && host[(strlen (host))-1] == ']') data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:56:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, host, NETMAXHOST); data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:58:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, host, sizeof(tmp)-1); data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:63:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, hent->h_name, NETMAXHOST); data/alpine-2.24+dfsg1/pith/osdep/canonicl.c:65:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(b, host, NETMAXHOST); data/alpine-2.24+dfsg1/pith/osdep/color.c:50:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ret->fg, fg, MAXCOLORLEN); data/alpine-2.24+dfsg1/pith/osdep/color.c:55:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ret->bg, bg, MAXCOLORLEN); data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:70:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t olen, dlen = strlen(dir); data/alpine-2.24+dfsg1/pith/osdep/creatdir.c:94:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = &dir[strlen(dir) - 6]; data/alpine-2.24+dfsg1/pith/osdep/domnames.c:63:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(domainname, "unknown", dsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:65:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hostname, "unknown", hsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:74:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hostname, hname, hsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:90:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(hostname, he->h_name, hsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:105:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hostname, maybe, hsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:114:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(domainname, dn+1, dsize-1); data/alpine-2.24+dfsg1/pith/osdep/domnames.c:116:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(domainname, hostname, dsize-1); data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:82:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pw->pw_dir) + strlen(buf) > len) { data/alpine-2.24+dfsg1/pith/osdep/fnexpand.c:82:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pw->pw_dir) + strlen(buf) > len) { data/alpine-2.24+dfsg1/pith/osdep/hostname.c:59:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hostname, "unknown", size-1); data/alpine-2.24+dfsg1/pith/osdep/hostname.c:73:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(hostname,name.nodename,size-1); data/alpine-2.24+dfsg1/pith/osdep/hostname.c:88:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void) strncpy(hostname, buf, size - 1); data/alpine-2.24+dfsg1/pith/osdep/hostname.c:103:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(hostname,name.nodename,size-1); data/alpine-2.24+dfsg1/pith/osdep/hostname.c:105:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(hostname, HOSTNAME, size-1); data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:181:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mime_type, u, mime_type_len); data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:270:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(file_ext, u, file_ext_len); data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:368:2: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buf + 1, file_ext, sizeof(buf)/sizeof(TCHAR)-1); data/alpine-2.24+dfsg1/pith/osdep/mimedisp.c:388:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(mime_type && _tcslen(mime_type) < 50){ data/alpine-2.24+dfsg1/pith/osdep/pipe.c:161:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmdbuf, command, sizeof(cmdbuf)); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:181:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
syspipe->outfile = (char *) malloc((strlen(*outfile)+1)*sizeof(char)); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:182:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(syspipe->outfile, strlen(*outfile)+1, "%s", *outfile); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:192:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syspipe->command = (char *) malloc((strlen(cmdbuf)+1)*sizeof(char)); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:193:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(syspipe->command, strlen(cmdbuf)+1, "%s", cmdbuf); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:201:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syspipe->command = (char *) malloc((strlen(cmdbuf)+1)*sizeof(char)); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:202:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(syspipe->command, strlen(cmdbuf)+1, "%s", cmdbuf); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:220:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syspipe->command = (char *) malloc((strlen(cmdbuf)+1)*sizeof(char)); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:221:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
snprintf(syspipe->command, strlen(cmdbuf)+1, "%s", cmdbuf); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:257:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(p); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:260:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(syspipe->args, p, l); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:383:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shellpath, env, sizeof(shellpath)-1); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:388:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(shellpath, "/bin/csh", sizeof(shellpath)-1); data/alpine-2.24+dfsg1/pith/osdep/pipe.c:394:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(shellpath, "/bin/sh", sizeof(shellpath)-1); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:100:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fname_to_utf8(unix_pwd->pw_dir)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:104:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(fname_to_utf8(unix_pwd->pw_name)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:109:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fname_to_utf8(s)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:137:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ui->homedir = (char *) malloc((strlen(buf)+1) * sizeof(char)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:139:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ui->homedir, buf, strlen(buf)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:139:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ui->homedir, buf, strlen(buf)); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:140:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ui->homedir[strlen(buf)] = '\0'; data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:177:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:185:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, lcase, l+1); data/alpine-2.24+dfsg1/pith/osdep/pw_stuff.c:196:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& (s = (char *) malloc(l = ((strlen(gn) + 1) * sizeof(char)))) != NULL) data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:99:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(as, ".", aslen-strlen(as)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:99:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(as, ".", aslen-strlen(as)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:101:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(as, ext, aslen-strlen(as)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:101:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(as, ext, aslen-strlen(as)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:250:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, f, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:258:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, f, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:266:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(name, f, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:272:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, dir, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:277:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(name, PATH_SEP, MAXPATH-strlen(name)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:277:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(name, PATH_SEP, MAXPATH-strlen(name)-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:285:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, dir, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:302:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, P_tmpdir, MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:311:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(name, "/tmp", MAXPATH-1); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:322:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(name[0] && *((f = &name[l=strlen(name)]) - 1) != PATH_SEP[0] && l+1 < MAXPATH){ data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:328:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(prefix && (ll = strlen(prefix)) && l+ll < MAXPATH){ data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:329:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(f, prefix, MAXPATH-(f-name)); data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:335:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(l+5+(ext[0] ? strlen(ext)+1 : 0) < MAXPATH){ data/alpine-2.24+dfsg1/pith/osdep/temp_nam.c:336:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(f, "XXXXX", MAXPATH-(f-name)); data/alpine-2.24+dfsg1/pith/pattern.c:215:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = q = (char *)fs_get(strlen(src) + 1); data/alpine-2.24+dfsg1/pith/pattern.c:414:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((pp = remove_pat_escapes(qq+strlen(srchfor))) != NULL){ \ data/alpine-2.24+dfsg1/pith/pattern.c:431:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((pp = remove_pat_escapes(qq+strlen(srchfor))) != NULL){ \ data/alpine-2.24+dfsg1/pith/pattern.c:986:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(PATTERN_MAGIC); data/alpine-2.24+dfsg1/pith/pattern.c:1943:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(lbuf, "-INF", sizeof(lbuf)); data/alpine-2.24+dfsg1/pith/pattern.c:1950:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(rbuf, "INF", sizeof(rbuf)); data/alpine-2.24+dfsg1/pith/pattern.c:2383:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). head = config_to_pattern(q+strlen(copy)); data/alpine-2.24+dfsg1/pith/pattern.c:2386:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). head = config_to_pattern(q+strlen(copynot)); data/alpine-2.24+dfsg1/pith/pattern.c:2393:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remove_backslash_escapes(q+strlen(copy))) != NULL){ data/alpine-2.24+dfsg1/pith/pattern.c:2400:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
remove_backslash_escapes(q+strlen(copynot))) != NULL){ data/alpine-2.24+dfsg1/pith/pattern.c:2526:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). workspace = (char *)fs_get((strlen(str)+1) * sizeof(char)); data/alpine-2.24+dfsg1/pith/pattern.c:2700:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(str) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:2703:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(str) + 1 > l){ data/alpine-2.24+dfsg1/pith/pattern.c:2704:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(str) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:3391:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(patline->filename) + 5; data/alpine-2.24+dfsg1/pith/pattern.c:3393:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(p, "FILE:", l+1); data/alpine-2.24+dfsg1/pith/pattern.c:3395:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(p, patline->filename, l+1-1-strlen(p)); data/alpine-2.24+dfsg1/pith/pattern.c:3395:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(p, patline->filename, l+1-1-strlen(p)); data/alpine-2.24+dfsg1/pith/pattern.c:3491:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(p) + 4; data/alpine-2.24+dfsg1/pith/pattern.c:3493:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(*lvalue, "LIT:", l+1); data/alpine-2.24+dfsg1/pith/pattern.c:3495:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(*lvalue, p, l+1-1-strlen(*lvalue)); data/alpine-2.24+dfsg1/pith/pattern.c:3495:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(*lvalue, p, l+1-1-strlen(*lvalue)); data/alpine-2.24+dfsg1/pith/pattern.c:3656:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(a->field)+strlen(p1)+1; data/alpine-2.24+dfsg1/pith/pattern.c:3656:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(a->field)+strlen(p1)+1; data/alpine-2.24+dfsg1/pith/pattern.c:3660:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(p3)+6; data/alpine-2.24+dfsg1/pith/pattern.c:3665:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(p4); data/alpine-2.24+dfsg1/pith/pattern.c:3684:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(a->field)+strlen(p1)+1; data/alpine-2.24+dfsg1/pith/pattern.c:3684:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(a->field)+strlen(p1)+1; data/alpine-2.24+dfsg1/pith/pattern.c:3688:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(p3)+6; data/alpine-2.24+dfsg1/pith/pattern.c:3743:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz += strlen(l[0]) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:3859:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz += strlen(l[0]) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:3896:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sz += strlen(l[0]) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:3927:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz += strlen(l[0]) + 1; data/alpine-2.24+dfsg1/pith/pattern.c:4072:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nick ? nick : "Alternate Role") + data/alpine-2.24+dfsg1/pith/pattern.c:4073:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(comment ? comment : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4074:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(to_pat ? to_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4075:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(from_pat ? from_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4076:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sender_pat ? sender_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4077:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cc_pat ? cc_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4078:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(recip_pat ? 
recip_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4079:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(partic_pat ? partic_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4080:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(news_pat ? news_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4081:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(subj_pat ? subj_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4082:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(alltext_pat ? alltext_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4083:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(bodytext_pat ? bodytext_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4084:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(arb_pat ? arb_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4085:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(scorei_pat ? scorei_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4086:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(keyword_pat ? 
keyword_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4087:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(charset_pat ? charset_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4088:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(age_pat ? age_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4089:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(size_pat ? size_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4090:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(category_cmd ? category_cmd : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4091:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(category_pat ? category_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4092:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(category_lim ? category_lim : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4093:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fldr_pat ? fldr_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4094:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(abooks_pat ? abooks_pat : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4095:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sentdate ? sentdate : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4096:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(inherit_nick ? inherit_nick : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4097:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(score_act ? score_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4098:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hdrtok_act ? hdrtok_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4099:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(from_act ? from_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4100:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(replyto_act ? replyto_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4101:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fcc_act ? fcc_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4102:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(litsig_act ? litsig_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4103:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cstm_act ? cstm_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4104:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(smtp_act ? smtp_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4105:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(nntp_act ? nntp_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4106:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sig_act ? sig_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4107:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(incol_act ? incol_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4108:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sort_act ? sort_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4109:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(iform_act ? iform_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4110:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(start_act ? 
start_act : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4111:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filt_ifnotdel ? filt_ifnotdel : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4112:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filt_nokill ? filt_nokill : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4113:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filt_nonterm ? filt_nonterm : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4114:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (folder_act ? (strlen(folder_act) + 8) : 0) + data/alpine-2.24+dfsg1/pith/pattern.c:4115:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(keyword_set ? keyword_set : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4116:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(keyword_clr ? keyword_clr : "") + data/alpine-2.24+dfsg1/pith/pattern.c:4117:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(templ_act ? 
templ_act : "") + 540; data/alpine-2.24+dfsg1/pith/pattern.c:5494:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = (strlen(patfolder) < (MAILTMPLEN/2)) data/alpine-2.24+dfsg1/pith/pattern.c:5965:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*list)->text.size = strlen(decoded); data/alpine-2.24+dfsg1/pith/pattern.c:6218:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(s[strlen(field)] == SPACE || s[strlen(field)] == '\0') data/alpine-2.24+dfsg1/pith/pattern.c:6218:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(s[strlen(field)] == SPACE || s[strlen(field)] == '\0') data/alpine-2.24+dfsg1/pith/pattern.c:6222:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(strlen(field) + (*ptr - *start) + 1 > *asize){ data/alpine-2.24+dfsg1/pith/pattern.c:6225:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *ptr = *start + strlen(*start); data/alpine-2.24+dfsg1/pith/pattern.c:7931:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
width -= (strlen(buf) + 2 + 5); data/alpine-2.24+dfsg1/pith/pattern.c:8059:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen += (strlen(*t) + 1); data/alpine-2.24+dfsg1/pith/pattern.c:8064:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen += (strlen(*t) + 1); data/alpine-2.24+dfsg1/pith/pattern.c:8131:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w = MIN((ps_global->ttyo ? ps_global->ttyo->screen_cols : 80) - strlen(b) - 1 - 2, sizeof(c)-1); data/alpine-2.24+dfsg1/pith/pattern.c:8137:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w = MIN((ps_global->ttyo ? ps_global->ttyo->screen_cols : 80) - strlen(b) - 1 - 2, sizeof(c)-1); data/alpine-2.24+dfsg1/pith/remote.c:521:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir, ps_global->pinerc, MIN(to_copy, sizeof(dir)-1)); data/alpine-2.24+dfsg1/pith/remote.c:650:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(pinerc_dir && rd->lf && strlen(rd->lf) > strlen(pinerc_dir)) data/alpine-2.24+dfsg1/pith/remote.c:650:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(pinerc_dir && rd->lf && strlen(rd->lf) > strlen(pinerc_dir)) data/alpine-2.24+dfsg1/pith/remote.c:651:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rel_filename = rd->lf + strlen(pinerc_dir) + 1; data/alpine-2.24+dfsg1/pith/remote.c:677:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(line, key, strlen(key)) == 0 && line[strlen(key)] == TAB) data/alpine-2.24+dfsg1/pith/remote.c:677:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(line, key, strlen(key)) == 0 && line[strlen(key)] == TAB) data/alpine-2.24+dfsg1/pith/remote.c:922:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(line, key, strlen(key)) == 0 && line[strlen(key)] == TAB) data/alpine-2.24+dfsg1/pith/remote.c:922:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(line, key, strlen(key)) == 0 && line[strlen(key)] == TAB) data/alpine-2.24+dfsg1/pith/remote.c:2283:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(returndate, date, 100); data/alpine-2.24+dfsg1/pith/reply.c:88:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = strlen(s); j = strlen(t); data/alpine-2.24+dfsg1/pith/reply.c:88:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(s); j = strlen(t); data/alpine-2.24+dfsg1/pith/reply.c:265:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = strlen(h); data/alpine-2.24+dfsg1/pith/reply.c:267:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, field, sizeof(fname)-2); data/alpine-2.24+dfsg1/pith/reply.c:269:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(fname, ":", sizeof(fname)-strlen(fname)-1); data/alpine-2.24+dfsg1/pith/reply.c:269:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fname, ":", sizeof(fname)-strlen(fname)-1); data/alpine-2.24+dfsg1/pith/reply.c:273:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rplstr(p, q-(p-h), strlen(fname), ""); /* strip field strings */ data/alpine-2.24+dfsg1/pith/reply.c:291:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  memmove(h, p, l = strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:298:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = (char *) rfc822_binary(h, strlen(h),
data/alpine-2.24+dfsg1/pith/reply.c:306:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ll = strlen(p) + 4;
data/alpine-2.24+dfsg1/pith/reply.c:606:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!(env->message_id && (id_len = strlen(env->message_id))))
data/alpine-2.24+dfsg1/pith/reply.c:630:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(h)) + 1+id_len + foldslop >= MAXHEADERSIZE
data/alpine-2.24+dfsg1/pith/reply.c:639:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  first_ref_len = strlen(first_ref)+1; /* len includes space */
data/alpine-2.24+dfsg1/pith/reply.c:643:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while((len=strlen(tail_refs)) + first_ref_len + 1+id_len +
data/alpine-2.24+dfsg1/pith/reply.c:654:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=strlen(tail_refs)) + first_ref_len + 1+id_len +
data/alpine-2.24+dfsg1/pith/reply.c:755:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = (subject && *subject) ? 4*strlen(subject) : 10;
data/alpine-2.24+dfsg1/pith/reply.c:868:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ps_global->VAR_REPLY_STRING, sizeof(buf)-1);
data/alpine-2.24+dfsg1/pith/reply.c:875:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pbf, repl, sizeof(pbf)-1);
data/alpine-2.24+dfsg1/pith/reply.c:877:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(p, sizeof(buf)-(p-buf), strlen(from_token), pbf);
data/alpine-2.24+dfsg1/pith/reply.c:886:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pbf, repl, sizeof(pbf)-1);
data/alpine-2.24+dfsg1/pith/reply.c:888:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(p, sizeof(buf)-(p-buf), strlen(nick_token), pbf);
data/alpine-2.24+dfsg1/pith/reply.c:907:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rplstr(p, sizeof(buf)-(p-buf), strlen(init_token), pbf);
data/alpine-2.24+dfsg1/pith/reply.c:971:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  template_len = strlen(filtered);
data/alpine-2.24+dfsg1/pith/reply.c:1459:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = 2 * strlen(NEWLINE);
data/alpine-2.24+dfsg1/pith/reply.c:1461:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sig, NEWLINE, l);
data/alpine-2.24+dfsg1/pith/reply.c:1463:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(sig, NEWLINE, l+1-1-strlen(sig));
data/alpine-2.24+dfsg1/pith/reply.c:1463:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(sig, NEWLINE, l+1-1-strlen(sig));
data/alpine-2.24+dfsg1/pith/reply.c:1531:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_20k_buf, name, SIZEOF_20KBUF-1);
data/alpine-2.24+dfsg1/pith/reply.c:1623:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1626:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, " and ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1634:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1637:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, ", ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1641:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1644:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, ", and ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1653:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1656:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, ", ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1660:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1663:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, ", ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1667:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxlen -= (l=strlen(p));
data/alpine-2.24+dfsg1/pith/reply.c:1670:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, ", and others", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1672:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, "...", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1759:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, " and ", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1775:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, tmp_20k_buf, orig_maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1793:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(maxlen >= strlen(b))
data/alpine-2.24+dfsg1/pith/reply.c:1794:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(p, b, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1796:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(p, "...", maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1802:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, tmp_20k_buf, orig_maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1912:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, role->nick, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1918:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(maxlen >= strlen(NEWLINE)){
data/alpine-2.24+dfsg1/pith/reply.c:1919:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, NEWLINE, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1927:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(env->from->mailbox) <= maxlen){
data/alpine-2.24+dfsg1/pith/reply.c:1928:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, env->from->mailbox, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1934:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf) + strlen(env->from->host) + 1 <= maxlen){
data/alpine-2.24+dfsg1/pith/reply.c:1934:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf) + strlen(env->from->host) + 1 <= maxlen){
data/alpine-2.24+dfsg1/pith/reply.c:1935:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(buf, "@", maxlen+1-1-strlen(buf));
data/alpine-2.24+dfsg1/pith/reply.c:1935:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, "@", maxlen+1-1-strlen(buf));
data/alpine-2.24+dfsg1/pith/reply.c:1937:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, env->from->host, maxlen+1-1-strlen(buf));
data/alpine-2.24+dfsg1/pith/reply.c:1937:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(buf, env->from->host, maxlen+1-1-strlen(buf));
data/alpine-2.24+dfsg1/pith/reply.c:1966:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(space) + strlen(buf) + 5 > maxlen){
data/alpine-2.24+dfsg1/pith/reply.c:1966:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(space) + strlen(buf) + 5 > maxlen){
data/alpine-2.24+dfsg1/pith/reply.c:1967:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(space) > maxlen/2)
data/alpine-2.24+dfsg1/pith/reply.c:1968:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  get_news_data(env, type, space, maxlen - strlen(buf) - 5);
data/alpine-2.24+dfsg1/pith/reply.c:1970:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  get_addr_data(env, addrtype, buf, maxlen - strlen(space) - 5);
data/alpine-2.24+dfsg1/pith/reply.c:1980:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, tmp_20k_buf, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1984:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, space, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:1999:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((n = 4*strlen(env->subject)) > SIZEOF_20KBUF-1){
data/alpine-2.24+dfsg1/pith/reply.c:2023:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, env->message_id, maxlen);
data/alpine-2.24+dfsg1/pith/reply.c:2055:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ps_global->VAR_REPLY_INTRO, MAX_DELIM);
data/alpine-2.24+dfsg1/pith/reply.c:2122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(filtered);
data/alpine-2.24+dfsg1/pith/reply.c:2213:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b->size.bytes = strlen(tmp_text);
data/alpine-2.24+dfsg1/pith/reply.c:2327:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp_20k_buf, buftmp, SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/pith/reply.c:2332:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((l = strlen(tmp_20k_buf)) < 1000 &&
data/alpine-2.24+dfsg1/pith/reply.c:2336:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(tmp_20k_buf, tmp_20k_buf+2000, strlen(tmp_20k_buf+2000));
data/alpine-2.24+dfsg1/pith/reply.c:2337:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp_20k_buf[strlen(tmp_20k_buf+2000)] = '\0';
data/alpine-2.24+dfsg1/pith/reply.c:2623:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*outgoingp)->remail = (char *) fs_get(strlen(h) + (2 * i) + 1);
data/alpine-2.24+dfsg1/pith/reply.c:2766:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gf_set_readc(&gc, text, (unsigned long)strlen(text), src, 0);
data/alpine-2.24+dfsg1/pith/reply.c:2856:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  - (prefix ? strlen(prefix) : 0),
data/alpine-2.24+dfsg1/pith/reply.c:2857:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  80 - (prefix ? strlen(prefix) : 0)),
data/alpine-2.24+dfsg1/pith/reply.c:3365:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id = fs_get(strlen(leftpart) + strlen(hostpart) + 4);
data/alpine-2.24+dfsg1/pith/reply.c:3365:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id = fs_get(strlen(leftpart) + strlen(hostpart) + 4);
data/alpine-2.24+dfsg1/pith/reply.c:3401:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) fs_get((strlen(src)+1) * sizeof(char));
data/alpine-2.24+dfsg1/pith/reply.c:3422:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) fs_get((strlen(src)+1) * sizeof(char));
data/alpine-2.24+dfsg1/pith/reply.c:3472:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplit = (char *) fs_get((strlen(lit)+1) * sizeof(char));
data/alpine-2.24+dfsg1/pith/reply.c:3479:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tmplit) + 5 + (prenewlines+postnewlines) * strlen(NEWLINE);
data/alpine-2.24+dfsg1/pith/reply.c:3479:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tmplit) + 5 + (prenewlines+postnewlines) * strlen(NEWLINE);
data/alpine-2.24+dfsg1/pith/reply.c:3562:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t spl = strlen(sname);
data/alpine-2.24+dfsg1/pith/reply.c:3565:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sbuf, sname, len-1);
data/alpine-2.24+dfsg1/pith/reply.c:3568:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sbuf, sname, len-1);
data/alpine-2.24+dfsg1/pith/reply.c:3573:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps_global->VAR_OPER_DIR) + spl < len - 1)
data/alpine-2.24+dfsg1/pith/reply.c:3581:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sbuf,ps_global->pinerc,MIN(len-1,lc-ps_global->pinerc));
data/alpine-2.24+dfsg1/pith/reply.c:3585:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(sbuf, sname, MAX(len-1-strlen(sbuf), 0));
data/alpine-2.24+dfsg1/pith/reply.c:3585:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(sbuf, sname, MAX(len-1-strlen(sbuf), 0));
data/alpine-2.24+dfsg1/pith/rfc2231.c:47:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(name);
data/alpine-2.24+dfsg1/pith/rfc2231.c:92:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(pieces[i]);
data/alpine-2.24+dfsg1/pith/rfc2231.c:126:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cs, buf, sizeof(cs));
data/alpine-2.24+dfsg1/pith/save.c:88:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ps_global->last_save_folder,
data/alpine-2.24+dfsg1/pith/save.c:542:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(user_flag_name) + 1;
data/alpine-2.24+dfsg1/pith/save.c:550:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen(user_flag_name) + 1;
data/alpine-2.24+dfsg1/pith/save.c:553:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = flags + strlen(flags);
data/alpine-2.24+dfsg1/pith/save.c:569:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen("\\DELETED");
data/alpine-2.24+dfsg1/pith/save.c:572:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = flags + strlen(flags);
data/alpine-2.24+dfsg1/pith/save.c:590:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  INIT(&msg, mail_string, (void *) dummymsg, strlen(dummymsg));
data/alpine-2.24+dfsg1/pith/save.c:1306:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(seq, long2string(raw), sizeof(seq));
data/alpine-2.24+dfsg1/pith/save.c:1482:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  blen = strlen(boundary);
data/alpine-2.24+dfsg1/pith/save.c:1500:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(newsect, section, sizeof(newsect));
data/alpine-2.24+dfsg1/pith/save.c:1502:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subsect = &newsect[n = strlen(newsect)];
data/alpine-2.24+dfsg1/pith/save.c:1512:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(subsect, int2string(n++), sizeof(newsect)-(subsect-newsect));
data/alpine-2.24+dfsg1/pith/save.c:1584:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return((*len = s ? strlen(s) : 0) ? gf_puts(s, pc) : 1);
data/alpine-2.24+dfsg1/pith/save.c:1637:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1637:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1638:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->subtype ? body->subtype : "Unknown")
data/alpine-2.24+dfsg1/pith/save.c:1639:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? " (Name=\"" : "")
data/alpine-2.24+dfsg1/pith/save.c:1640:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? namebuf : "")
data/alpine-2.24+dfsg1/pith/save.c:1641:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment described as "))
data/alpine-2.24+dfsg1/pith/save.c:1641:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment described as "))
data/alpine-2.24+dfsg1/pith/save.c:1642:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(descbuf) + strlen(_(" containing:")) + 1;
data/alpine-2.24+dfsg1/pith/save.c:1642:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(descbuf) + strlen(_(" containing:")) + 1;
data/alpine-2.24+dfsg1/pith/save.c:1652:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1652:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1653:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->subtype ? body->subtype : "Unknown")
data/alpine-2.24+dfsg1/pith/save.c:1654:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? " (Name=\"" : "")
data/alpine-2.24+dfsg1/pith/save.c:1655:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? namebuf : "")
data/alpine-2.24+dfsg1/pith/save.c:1656:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment containing:")) + 1;
data/alpine-2.24+dfsg1/pith/save.c:1656:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment containing:")) + 1;
data/alpine-2.24+dfsg1/pith/save.c:1681:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1681:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(_("A ")) + strlen(body_type_names(body->type)) + 1
data/alpine-2.24+dfsg1/pith/save.c:1682:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->subtype && *body->subtype ? body->subtype : "Unknown")
data/alpine-2.24+dfsg1/pith/save.c:1683:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? " (Name=\"" : "")
data/alpine-2.24+dfsg1/pith/save.c:1684:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? namebuf : "")
data/alpine-2.24+dfsg1/pith/save.c:1685:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment of about "))
data/alpine-2.24+dfsg1/pith/save.c:1685:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(name ? "\"" : "") + strlen(_(" segment of about "))
data/alpine-2.24+dfsg1/pith/save.c:1686:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(comatosep) + strlen(_(" bytes")) + 1
data/alpine-2.24+dfsg1/pith/save.c:1686:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(comatosep) + strlen(_(" bytes")) + 1
data/alpine-2.24+dfsg1/pith/save.c:1687:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->description && *body->description ? _(" described as \"") : "")
data/alpine-2.24+dfsg1/pith/save.c:1688:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->description && *body->description ? descbuf : "")
data/alpine-2.24+dfsg1/pith/save.c:1689:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(body->description && *body->description ? "\"": "")
data/alpine-2.24+dfsg1/pith/save.c:1762:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(tmp_20k_buf);
data/alpine-2.24+dfsg1/pith/send.c:261:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, tmp_20k_buf, sizeof(tmp));
data/alpine-2.24+dfsg1/pith/send.c:444:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((len=4*strlen(values[i])) > SIZEOF_20KBUF-1){
data/alpine-2.24+dfsg1/pith/send.c:1035:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!struncmp(p, fields[i], (n=strlen(fields[i]))) && p[n] == ':'){
data/alpine-2.24+dfsg1/pith/send.c:1046:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  values[i] = fs_get(strlen(text) + 1);
data/alpine-2.24+dfsg1/pith/send.c:1051:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = values[i] + (values[i][0] ? strlen(values[i]) : 0);
data/alpine-2.24+dfsg1/pith/send.c:1108:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((i = atoi(s+1)) && i < strlen(p)){
data/alpine-2.24+dfsg1/pith/send.c:1901:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(error_mess = error_buf,
data/alpine-2.24+dfsg1/pith/send.c:1907:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(error_mess = error_buf,
data/alpine-2.24+dfsg1/pith/send.c:2178:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz += strlen(pf->name) + 1;
data/alpine-2.24+dfsg1/pith/send.c:2247:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(label, "Fcc", sizeof(label));
data/alpine-2.24+dfsg1/pith/send.c:2367:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(s1);
data/alpine-2.24+dfsg1/pith/send.c:2368:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(s2);
data/alpine-2.24+dfsg1/pith/send.c:2369:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l3 = strlen(ps_global->c_client_error);
data/alpine-2.24+dfsg1/pith/send.c:2424:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(msg_buf, "Writing ", sizeof(msg_buf));
data/alpine-2.24+dfsg1/pith/send.c:2426:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(msg_buf, label, sizeof(msg_buf)-10);
data/alpine-2.24+dfsg1/pith/send.c:2439:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char *)so_text(tmp_storage)));
data/alpine-2.24+dfsg1/pith/send.c:2893:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(lp) < 4)
data/alpine-2.24+dfsg1/pith/send.c:2950:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen("ReSent-") : 0) +
data/alpine-2.24+dfsg1/pith/send.c:2951:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (field ? strlen(field) : 0) + 2;
data/alpine-2.24+dfsg1/pith/send.c:3003:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ll = strlen(field) + strlen(value) + 20;
data/alpine-2.24+dfsg1/pith/send.c:3003:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ll = strlen(field) + strlen(value) + 20;
data/alpine-2.24+dfsg1/pith/send.c:3148:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(d, value, dlen-1);
data/alpine-2.24+dfsg1/pith/send.c:3260:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((count = strlen(tmpptr)) > 2){ /* back over CRLF */
data/alpine-2.24+dfsg1/pith/send.c:3383:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(count + 2 + (i = strlen(tmpptr)) > 78){ /* wrap long lines... */
data/alpine-2.24+dfsg1/pith/send.c:3427:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long i = strlen (header->env->remail);
data/alpine-2.24+dfsg1/pith/send.c:3531:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char last_char = netmbox.host[strlen(netmbox.host) - 1],
data/alpine-2.24+dfsg1/pith/send.c:3545:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(sstring,"UNAuthenticated Sender", sizeof(sstring));
data/alpine-2.24+dfsg1/pith/send.c:4299:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(tmp) < sizeof(tmp)-2)
data/alpine-2.24+dfsg1/pith/send.c:4300:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, "\015\012", sizeof(tmp) - strlen(tmp) - 1);
data/alpine-2.24+dfsg1/pith/send.c:4300:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(tmp, "\015\012", sizeof(tmp) - strlen(tmp) - 1);
data/alpine-2.24+dfsg1/pith/send.c:4521:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(body->description) < 5000 /* arbitrary! */
data/alpine-2.24+dfsg1/pith/send.c:4534:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen((char *)stl->text.data) > 500) /* arbitrary! */
data/alpine-2.24+dfsg1/pith/send.c:5467:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(errbuf,_("SMTP-server must be defined!"),errbuflen);
data/alpine-2.24+dfsg1/pith/send.c:5479:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(errbuf, _("No default posting command."), errbuflen);
data/alpine-2.24+dfsg1/pith/send.c:5560:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cmd = cmd_buf, DF_SENDMAIL_PATH, sizeof(cmd_buf)-1);
data/alpine-2.24+dfsg1/pith/send.c:5608:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, err, sizeof(tmp)-1);
data/alpine-2.24+dfsg1/pith/send.c:5618:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(err = errbuf, _("Can't post, NNTP-server must be defined!"), errbuflen-1);
data/alpine-2.24+dfsg1/pith/send.c:5650:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(errs, _("Error posting."), errslen-1);
data/alpine-2.24+dfsg1/pith/send.c:5684:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((n = (p = strstr(s, "\015\012")) ? p - s : strlen(s)) != 0){
data/alpine-2.24+dfsg1/pith/send.c:5766:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return(piped_sout(stream, s, strlen(s)));
data/alpine-2.24+dfsg1/pith/send.c:5825:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((cnt = read(S(stream)->in.d, S(stream)->tmp, GETBUFLEN)) < 0)
data/alpine-2.24+dfsg1/pith/send.c:5858:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((cnt = read(S(stream)->in.d, S(stream)->tmp, GETBUFLEN)) < 0)
data/alpine-2.24+dfsg1/pith/send.c:5883:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) fs_get(n + 1 + (m = strlen (s)));
data/alpine-2.24+dfsg1/pith/smime.c:136:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ll=strlen(d->d_name)) && ll > 4){
data/alpine-2.24+dfsg1/pith/smime.c:138:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, d->d_name, sizeof(buf));
data/alpine-2.24+dfsg1/pith/smime.c:141:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf)-4] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:220:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pathdir, ps_global->pwdcertdir, sizeof(pathdir));
data/alpine-2.24+dfsg1/pith/smime.c:284:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(pathkey, ".key", 5);
data/alpine-2.24+dfsg1/pith/smime.c:294:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((t = strstr(s+strlen(tmp), EMAILADDRLEADER)) != NULL){
data/alpine-2.24+dfsg1/pith/smime.c:297:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pc->keytext = cpystr(s + strlen(tmp) + strlen(NEWLINE));
data/alpine-2.24+dfsg1/pith/smime.c:297:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pc->keytext = cpystr(s + strlen(tmp) + strlen(NEWLINE));
data/alpine-2.24+dfsg1/pith/smime.c:301:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pc->keytext = cpystr(s + strlen(tmp) + strlen(NEWLINE));
data/alpine-2.24+dfsg1/pith/smime.c:301:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pc->keytext = cpystr(s + strlen(tmp) + strlen(NEWLINE));
data/alpine-2.24+dfsg1/pith/smime.c:324:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fpath, ".key", 5);
data/alpine-2.24+dfsg1/pith/smime.c:349:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(pathkey, ".crt", 5);
data/alpine-2.24+dfsg1/pith/smime.c:353:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fpath, ".crt", 5);
data/alpine-2.24+dfsg1/pith/smime.c:400:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fpath, ".key", 5);
data/alpine-2.24+dfsg1/pith/smime.c:404:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fpath2, ".key", 5);
data/alpine-2.24+dfsg1/pith/smime.c:480:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ctype == Private && strlen(buf) + strlen(EXTCERT(Private)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:480:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ctype == Private && strlen(buf) + strlen(EXTCERT(Private)) < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:481:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, EXTCERT(Private), 5);
data/alpine-2.24+dfsg1/pith/smime.c:499:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((t = strstr(s+strlen(tmp), prefix)) == NULL)
data/alpine-2.24+dfsg1/pith/smime.c:502:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(s, t, strlen(t)+1);
data/alpine-2.24+dfsg1/pith/smime.c:503:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fs_resize((void **)&contents, strlen(contents)+1);
data/alpine-2.24+dfsg1/pith/smime.c:575:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in = text ? BIO_new_mem_buf(text, strlen(text)) : BIO_new_file(fpath, "r");
data/alpine-2.24+dfsg1/pith/smime.c:627:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(full_filename, fname, sizeof(full_filename));
data/alpine-2.24+dfsg1/pith/smime.c:629:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, s+1, sizeof(filename));
data/alpine-2.24+dfsg1/pith/smime.c:648:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(filename) > 4){
data/alpine-2.24+dfsg1/pith/smime.c:649:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, filename, sizeof(s));
data/alpine-2.24+dfsg1/pith/smime.c:651:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strcmp(s + strlen(s) - strlen(EXTCERT(Private)), EXTCERT(Private)))
data/alpine-2.24+dfsg1/pith/smime.c:651:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strcmp(s + strlen(s) - strlen(EXTCERT(Private)), EXTCERT(Private)))
data/alpine-2.24+dfsg1/pith/smime.c:652:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s[strlen(s) - strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:652:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s[strlen(s) - strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:669:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(full_name_key, full_filename, sizeof(full_filename));
data/alpine-2.24+dfsg1/pith/smime.c:674:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(PrivateKeyPath, buf, sizeof(PrivateKeyPath));
data/alpine-2.24+dfsg1/pith/smime.c:676:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(PrivateKeyPath) + 4 < sizeof(PrivateKeyPath)){
data/alpine-2.24+dfsg1/pith/smime.c:677:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(PrivateKeyPath, EXTCERT(Private), 5);
data/alpine-2.24+dfsg1/pith/smime.c:682:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(full_name_cert, full_name_key, sizeof(full_name_key));
data/alpine-2.24+dfsg1/pith/smime.c:684:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_name_cert[strlen(full_name_cert) - strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:684:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_name_cert[strlen(full_name_cert) - strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:685:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(full_name_cert, EXTCERT(Public), 5);
data/alpine-2.24+dfsg1/pith/smime.c:690:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(PublicCertPath, buf, sizeof(PublicCertPath));
data/alpine-2.24+dfsg1/pith/smime.c:692:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(PublicCertPath) + 4 < sizeof(PublicCertPath)){
data/alpine-2.24+dfsg1/pith/smime.c:693:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(PublicCertPath, EXTCERT(Public), 5);
data/alpine-2.24+dfsg1/pith/smime.c:787:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename[strlen(filename)-strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:787:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename[strlen(filename)-strlen(EXTCERT(Private))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:798:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, EXTCERT(Private), 5);
data/alpine-2.24+dfsg1/pith/smime.c:869:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(buf + strlen(buf) - 4, EXTCERT(ctype)) != 0 && strlen(buf) + 4 < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:869:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(buf + strlen(buf) - 4, EXTCERT(ctype)) != 0 && strlen(buf) + 4 < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:870:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, EXTCERT(ctype), 5);
data/alpine-2.24+dfsg1/pith/smime.c:894:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(buf + strlen(buf) - 4, ".crt") != 0 && strlen(buf) + 4 < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:894:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(buf + strlen(buf) - 4, ".crt") != 0 && strlen(buf) + 4 < sizeof(buf)){
data/alpine-2.24+dfsg1/pith/smime.c:895:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, EXTCERT(ctype), 5);
data/alpine-2.24+dfsg1/pith/smime.c:931:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(filename + strlen(filename) - 4, ".crt") == 0)
data/alpine-2.24+dfsg1/pith/smime.c:932:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename[strlen(filename) - 4] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:1031:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t spl = strlen(rpath);
data/alpine-2.24+dfsg1/pith/smime.c:1035:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fpath, rpath, len-1);
data/alpine-2.24+dfsg1/pith/smime.c:1039:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fpath, rpath, len-1);
data/alpine-2.24+dfsg1/pith/smime.c:1044:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps_global->VAR_OPER_DIR) + spl < len - 1)
data/alpine-2.24+dfsg1/pith/smime.c:1048:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ps_global->home_dir) + spl < len - 1)
data/alpine-2.24+dfsg1/pith/smime.c:1101:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, tf, sizeof(tmp));
data/alpine-2.24+dfsg1/pith/smime.c:1115:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp), "%.80s%lx%lx%lx",
data/alpine-2.24+dfsg1/pith/smime.c:1115:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp), "%.80s%lx%lx%lx",
data/alpine-2.24+dfsg1/pith/smime.c:1119:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  RAND_seed(tmp, strlen(tmp));
data/alpine-2.24+dfsg1/pith/smime.c:1322:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf, sizeof(buf), "%s%s*.*", path, (path[strlen(path)-1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/smime.c:1330:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ll=strlen(fname)) && ll > 4 && !strcmp(fname+ll-4, ".key")){
data/alpine-2.24+dfsg1/pith/smime.c:1333:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf2, fname, sizeof(buf2)-1);
data/alpine-2.24+dfsg1/pith/smime.c:1336:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf2[strlen(buf2)-4] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:1348:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf2, EXTCERT(Public), 5);
data/alpine-2.24+dfsg1/pith/smime.c:1644:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ll = strlen(++name)) > 4 && strucmp(name + ll - 4, EXTCERT(ctype)) == 0)
data/alpine-2.24+dfsg1/pith/smime.c:1645:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name[ll-strlen(EXTCERT(ctype))] = '\0';
data/alpine-2.24+dfsg1/pith/smime.c:1651:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(content) + strlen(sep) + strlen(name) + sbuf.st_size + 2*strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1651:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(content) + strlen(sep) + strlen(name) + sbuf.st_size + 2*strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1651:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(content) + strlen(sep) + strlen(name) + sbuf.st_size + 2*strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1651:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(content) + strlen(sep) + strlen(name) + sbuf.st_size + 2*strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1654:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  content += strlen(content);
data/alpine-2.24+dfsg1/pith/smime.c:1657:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(sep) + strlen(name) + sbuf.st_size + strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1657:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(sep) + strlen(name) + sbuf.st_size + strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1657:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(sep) + strlen(name) + sbuf.st_size + strlen(NEWLINE) + 1;
data/alpine-2.24+dfsg1/pith/smime.c:1661:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(content, sep, clen - strlen(content));
data/alpine-2.24+dfsg1/pith/smime.c:1661:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(content, sep, clen - strlen(content));
data/alpine-2.24+dfsg1/pith/smime.c:1662:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(content, name, clen - strlen(content));
data/alpine-2.24+dfsg1/pith/smime.c:1662:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(content, name, clen - strlen(content));
data/alpine-2.24+dfsg1/pith/smime.c:1663:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  content += strlen(content);
data/alpine-2.24+dfsg1/pith/smime.c:1763:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!(filesuffix && strlen(filesuffix) == 4)){
data/alpine-2.24+dfsg1/pith/smime.c:1827:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dstpath, rd->lf, sizeof(dstpath)-1);
data/alpine-2.24+dfsg1/pith/smime.c:1831:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dstpath, configpath, sizeof(dstpath)-1);
data/alpine-2.24+dfsg1/pith/smime.c:1859:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf, sizeof(buf), "%s%s*.*", srcpath, (srcpath[strlen(srcpath)-1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/smime.c:1867:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ll=strlen(fname)) && ll > 4 && !strcmp(fname+ll-4, filesuffix)){
data/alpine-2.24+dfsg1/pith/smime.c:1870:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(emailaddr, fname, sizeof(emailaddr)-1);
data/alpine-2.24+dfsg1/pith/smime.c:1873:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  emailaddr[strlen(emailaddr)-4] = 0;
data/alpine-2.24+dfsg1/pith/smime.c:1901:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp("-----BEGIN", line, strlen("-----BEGIN")) == 0)
data/alpine-2.24+dfsg1/pith/smime.c:1907:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp("-----END", line, strlen("-----END")) == 0)
data/alpine-2.24+dfsg1/pith/smime.c:1928:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fpath, configpath, sizeof(fpath));
data/alpine-2.24+dfsg1/pith/smime.c:1932:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dstpath) + strlen(configcontainer) - strlen(ret_dir) + 1 < sizeof(dstpath))
data/alpine-2.24+dfsg1/pith/smime.c:1932:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dstpath) + strlen(configcontainer) - strlen(ret_dir) + 1 < sizeof(dstpath))
data/alpine-2.24+dfsg1/pith/smime.c:1932:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(dstpath) + strlen(configcontainer) - strlen(ret_dir) + 1 < sizeof(dstpath))
data/alpine-2.24+dfsg1/pith/smime.c:1934:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstpath, tempfile[strlen(ret_dir)], configcontainer);
data/alpine-2.24+dfsg1/pith/smime.c:2136:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!(filesuffix && strlen(filesuffix) == 4)){
data/alpine-2.24+dfsg1/pith/smime.c:2154:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(leader, line, strlen(leader)) == 0){
data/alpine-2.24+dfsg1/pith/smime.c:2155:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = line + strlen(leader);
data/alpine-2.24+dfsg1/pith/smime.c:2157:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp("-----BEGIN", certtext, strlen("-----BEGIN")) == 0){
data/alpine-2.24+dfsg1/pith/smime.c:2162:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = certtext + strlen(certtext);
data/alpine-2.24+dfsg1/pith/smime.c:2166:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, name, sizeof(buf)-5);
data/alpine-2.24+dfsg1/pith/smime.c:2168:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, filesuffix, 5);
data/alpine-2.24+dfsg1/pith/smime.c:3035:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mtext, mimetext, mlen = mimelen);
data/alpine-2.24+dfsg1/pith/smime.c:3036:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(btext, bodytext, blen = bodylen);
data/alpine-2.24+dfsg1/pith/smime.c:3273:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = strchr(text + strlen("-----BEGIN PKCS7-----") + strlen(NEWLINE), '-');
data/alpine-2.24+dfsg1/pith/smime.c:3273:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = strchr(text + strlen("-----BEGIN PKCS7-----") + strlen(NEWLINE), '-');
data/alpine-2.24+dfsg1/pith/smime.c:3275:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = text + strlen("-----BEGIN PKCS7-----") + strlen(NEWLINE);
data/alpine-2.24+dfsg1/pith/smime.c:3275:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = text + strlen("-----BEGIN PKCS7-----") + strlen(NEWLINE);
data/alpine-2.24+dfsg1/pith/smime.c:3277:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = rfc822_base64((unsigned char *)tmp, strlen(tmp), &len);
data/alpine-2.24+dfsg1/pith/smime.c:3295:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, tmp, len);
data/alpine-2.24+dfsg1/pith/smime.c:3450:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  h = t = fs_get(strlen(bptr->data) + lines + 1);
data/alpine-2.24+dfsg1/pith/smime.c:3471:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  INIT(&s, mail_string, bstart, strlen(bstart));
data/alpine-2.24+dfsg1/pith/smime.c:3483:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  st->data = (void *) cpystr(bstart + strlen(cookie)+4); /* 4 = strlen("--\r\n") */
data/alpine-2.24+dfsg1/pith/smime.c:3484:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  st->size = body->nested.part->next->body.mime.offset - 2*(strlen(cookie) + 4);
data/alpine-2.24+dfsg1/pith/smkeys.c:67:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if(strlen(password) < 8){
data/alpine-2.24+dfsg1/pith/smkeys.c:192:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keyfile[strlen(keyfile)-4] = '\0'; /* keyfile does not have .key extension */
data/alpine-2.24+dfsg1/pith/smkeys.c:321:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d) + strlen(S_FILESEP) + strlen(SMIME_BACKUP_DIR) + 1;
data/alpine-2.24+dfsg1/pith/smkeys.c:321:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d) + strlen(S_FILESEP) + strlen(SMIME_BACKUP_DIR) + 1;
data/alpine-2.24+dfsg1/pith/smkeys.c:321:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d) + strlen(S_FILESEP) + strlen(SMIME_BACKUP_DIR) + 1;
data/alpine-2.24+dfsg1/pith/smkeys.c:337:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(p, buf2, MAXPATH);
data/alpine-2.24+dfsg1/pith/smkeys.c:355:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d) + strlen(clname) + 2;
data/alpine-2.24+dfsg1/pith/smkeys.c:355:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d) + strlen(clname) + 2;
data/alpine-2.24+dfsg1/pith/smkeys.c:359:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + strlen(clname) + strlen(cl->data.md5) + 3;
data/alpine-2.24+dfsg1/pith/smkeys.c:359:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + strlen(clname) + strlen(cl->data.md5) + 3;
data/alpine-2.24+dfsg1/pith/smkeys.c:359:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + strlen(clname) + strlen(cl->data.md5) + 3;
data/alpine-2.24+dfsg1/pith/smkeys.c:423:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(bufn, sizeof(bufn), "%s%s*.*", p, (p[strlen(p) - 1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/smkeys.c:559:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cll[i]->name[strlen(cll[i]->name)]= '.'; /* restore ".crt" part */
data/alpine-2.24+dfsg1/pith/smkeys.c:562:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cll[j-1]->name[strlen(cll[j-1]->name)]= '.'; /* restore ".crt" part */
data/alpine-2.24+dfsg1/pith/smkeys.c:679:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf, sizeof(buf), "%s/%s/%s", m, d, y + strlen(y) - 2);
data/alpine-2.24+dfsg1/pith/smkeys.c:709:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(bufn, sizeof(bufn), "%s%s*.*", path, (path[strlen(path)-1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/smkeys.c:859:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, pc->name, sizeof(buf)-5);
data/alpine-2.24+dfsg1/pith/smkeys.c:861:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(buf, ".key", 5);
data/alpine-2.24+dfsg1/pith/smkeys.c:1037:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, rd->lf, sizeof(path)-1);
data/alpine-2.24+dfsg1/pith/smkeys.c:1041:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, upath, sizeof(path)-1);
data/alpine-2.24+dfsg1/pith/smkeys.c:1052:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fpath, rd->lf, sizeof(fpath));
data/alpine-2.24+dfsg1/pith/smkeys.c:1056:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(path) + strlen(tempfile) - strlen(ret_dir) + 1 < sizeof(path))
data/alpine-2.24+dfsg1/pith/smkeys.c:1056:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(path) + strlen(tempfile) - strlen(ret_dir) + 1 < sizeof(path))
data/alpine-2.24+dfsg1/pith/smkeys.c:1056:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(path) + strlen(tempfile) - strlen(ret_dir) + 1 < sizeof(path))
data/alpine-2.24+dfsg1/pith/smkeys.c:1058:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path, tempfile[strlen(ret_dir)], tempfile + strlen(ret_dir) + 1);
data/alpine-2.24+dfsg1/pith/smkeys.c:1058:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path, tempfile[strlen(ret_dir)], tempfile + strlen(ret_dir) + 1);
data/alpine-2.24+dfsg1/pith/smkeys.c:1123:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(certfilename, ".crt", sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1123:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(certfilename, ".crt", sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1153:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(certfilename, EXTCERT(Public), sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1153:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(certfilename, EXTCERT(Public), sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1177:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(emailaddr, email, sizeof(emailaddr)-1);
data/alpine-2.24+dfsg1/pith/smkeys.c:1203:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attrib.length = strlen(attrib.data);
data/alpine-2.24+dfsg1/pith/smkeys.c:1258:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(certfilename, EXTCERT(ctype), sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1258:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(certfilename, EXTCERT(ctype), sizeof(certfilename)-1-strlen(certfilename));
data/alpine-2.24+dfsg1/pith/smkeys.c:1312:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(bufn, sizeof(bufn), "%s%s*.*", pathdir, (pathdir[strlen(pathdir)-1] == '\\') ? "" : "\\");
data/alpine-2.24+dfsg1/pith/smkeys.c:1318:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ll=strlen(fname)) && ll > 4){
data/alpine-2.24+dfsg1/pith/smkeys.c:1320:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, fname, sizeof(buf));
data/alpine-2.24+dfsg1/pith/smkeys.c:1369:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(EMAILADDRLEADER, line, strlen(EMAILADDRLEADER)) == 0){
data/alpine-2.24+dfsg1/pith/smkeys.c:1370:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = line + strlen(EMAILADDRLEADER);
data/alpine-2.24+dfsg1/pith/smkeys.c:1385:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = p + strlen(p);
data/alpine-2.24+dfsg1/pith/smkeys.c:1437:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(sep, line, strlen(sep)) == 0){
data/alpine-2.24+dfsg1/pith/smkeys.c:1438:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = line + strlen(sep);
data/alpine-2.24+dfsg1/pith/smkeys.c:1445:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = q = certtext+strlen(certtext);
data/alpine-2.24+dfsg1/pith/smkeys.c:1454:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = p + strlen(p);
data/alpine-2.24+dfsg1/pith/smkeys.c:1510:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(CACERTSTORELEADER, line, strlen(CACERTSTORELEADER)) == 0){
data/alpine-2.24+dfsg1/pith/smkeys.c:1518:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = certtext + strlen(certtext);
data/alpine-2.24+dfsg1/pith/smkeys.c:1544:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = p + strlen(p);
data/alpine-2.24+dfsg1/pith/smkeys.c:1549:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = p + strlen(p);
data/alpine-2.24+dfsg1/pith/sort.c:545:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(struncmp(sort_spec, "reverse", strlen(sort_spec)) == 0){
data/alpine-2.24+dfsg1/pith/sort.c:556:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(struncmp(sep, "reverse", strlen(sep)) == 0)
data/alpine-2.24+dfsg1/pith/sort.c:566:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sort_spec, strlen(sort_spec)) == 0)
data/alpine-2.24+dfsg1/pith/store.c:590:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(s);
data/alpine-2.24+dfsg1/pith/store.c:622:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(s);
data/alpine-2.24+dfsg1/pith/store.c:639:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = fwrite(s, strlen(s)*sizeof(char), (size_t)1, (FILE *)so->txt);
data/alpine-2.24+dfsg1/pith/store.c:649:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(s);
data/alpine-2.24+dfsg1/pith/store.c:713:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(s);
data/alpine-2.24+dfsg1/pith/stream.c:958:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mailbox);
data/alpine-2.24+dfsg1/pith/stream.c:960:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mailbox_nodelim, mailbox, MIN(len-1,sizeof(mailbox_nodelim)-1));
data/alpine-2.24+dfsg1/pith/stream.c:1118:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mailbox);
data/alpine-2.24+dfsg1/pith/stream.c:1120:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mailbox_nodelim, mailbox, MIN(len-1,sizeof(mailbox_nodelim)-1));
data/alpine-2.24+dfsg1/pith/stream.c:1706:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  firstbyte = pftc->read ;
data/alpine-2.24+dfsg1/pith/stream.c:1715:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(pftc->read != lastbyte)
data/alpine-2.24+dfsg1/pith/stream.c:1718:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  && (!get_n_bytes || (pftc->read < get_n_bytes)));
data/alpine-2.24+dfsg1/pith/stream.c:1721:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size, pftc->read));
data/alpine-2.24+dfsg1/pith/stream.c:1723:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  new_text.size = pftc->read;
data/alpine-2.24+dfsg1/pith/stream.c:2221:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sourcebuf, mbox+6, i); /* copy source mailbox name */
data/alpine-2.24+dfsg1/pith/string.c:90:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x1 = os + strlen(os);
data/alpine-2.24+dfsg1/pith/string.c:98:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x2 = is + strlen(is);
data/alpine-2.24+dfsg1/pith/string.c:266:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = string + strlen(string) - 1;
data/alpine-2.24+dfsg1/pith/string.c:408:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buf, "....", buflen);
data/alpine-2.24+dfsg1/pith/string.c:446:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(q, "...", buflen - (q-buf));
data/alpine-2.24+dfsg1/pith/string.c:448:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/pith/string.c:454:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = utf8_count_back_width(src, src+strlen(src), second, &got_width);
data/alpine-2.24+dfsg1/pith/string.c:455:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(buflen - (q-buf) > strlen(p)){
data/alpine-2.24+dfsg1/pith/string.c:456:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, p, buflen - (q-buf));
data/alpine-2.24+dfsg1/pith/string.c:458:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(q);
data/alpine-2.24+dfsg1/pith/string.c:537:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ss) > sizeof(temp) - 2)
data/alpine-2.24+dfsg1/pith/string.c:538:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ss_store = (char *)fs_get(strlen(ss) + 1);
data/alpine-2.24+dfsg1/pith/string.c:549:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  is = is + strlen(is) - strlen(ss_store);
data/alpine-2.24+dfsg1/pith/string.c:549:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  is = is + strlen(is) - strlen(ss_store);
data/alpine-2.24+dfsg1/pith/string.c:769:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, s, bufsize);
data/alpine-2.24+dfsg1/pith/string.c:831:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf+strlen(buf) + 1;
data/alpine-2.24+dfsg1/pith/string.c:972:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, u, dst_size);
data/alpine-2.24+dfsg1/pith/string.c:977:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return(strlen(dst));
data/alpine-2.24+dfsg1/pith/string.c:1002:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(s && strlen(s) > 4 && s[4] == '-'){
data/alpine-2.24+dfsg1/pith/string.c:1026:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(s && strlen(s) > 3 && s[3] == '-'){
data/alpine-2.24+dfsg1/pith/string.c:1434:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(string, "0 bytes", sizeof(string));
data/alpine-2.24+dfsg1/pith/string.c:1540:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nbindent2 = strlen(indent);
data/alpine-2.24+dfsg1/pith/string.c:1545:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nb = strlen(first_indent);
data/alpine-2.24+dfsg1/pith/string.c:1566:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nb += (strlen(next_piece) + eol);
data/alpine-2.24+dfsg1/pith/string.c:1592:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = starting_point; winner == -1 && i <= strlen(next_piece) != '\0' && i < 512; i++){
data/alpine-2.24+dfsg1/pith/string.c:1668:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = starting_point; winner == -1 && i <= strlen(next_piece) && i < 512; i++){
data/alpine-2.24+dfsg1/pith/string.c:1918:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, string, token - string);
data/alpine-2.24+dfsg1/pith/string.c:1940:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *value = p = (char *)fs_get((strlen(token) + 1) * sizeof(char));
data/alpine-2.24+dfsg1/pith/string.c:1983:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(lab) + strlen(val) +1;
data/alpine-2.24+dfsg1/pith/string.c:1983:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(lab) + strlen(val) +1;
data/alpine-2.24+dfsg1/pith/string.c:2021:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(qsrc)+2;
data/alpine-2.24+dfsg1/pith/string.c:2501:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = q = (char *)fs_get(strlen(src) + 1);
data/alpine-2.24+dfsg1/pith/string.c:2626:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = ans = (char *)fs_get(strlen(src) + 1);
data/alpine-2.24+dfsg1/pith/string.c:2706:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = q = (char *)fs_get(2*strlen(src) + 1);
data/alpine-2.24+dfsg1/pith/string.c:2769:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = q = (char *)fs_get(strlen(src) + 1);
data/alpine-2.24+dfsg1/pith/string.c:2849:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = authtype ? strlen(authtype) : 0;
data/alpine-2.24+dfsg1/pith/string.c:2854:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sp->name = fs_get(strlen(name) + len + offset + 1);
data/alpine-2.24+dfsg1/pith/string.c:2958:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0, j = 0; i < len && j < strlen(symbols); j++){
data/alpine-2.24+dfsg1/pith/strlst.c:37:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl->text.size = strlen(*l);
data/alpine-2.24+dfsg1/pith/takeaddr.c:879:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = strlen(h);
data/alpine-2.24+dfsg1/pith/takeaddr.c:883:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
rplstr(p, q-(p-h), strlen(fname), ""); /* strip field strings */
data/alpine-2.24+dfsg1/pith/takeaddr.c:902:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen(h), &l);
data/alpine-2.24+dfsg1/pith/takeaddr.c:904:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(p) + 3;
data/alpine-2.24+dfsg1/pith/takeaddr.c:1043:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen(value),
data/alpine-2.24+dfsg1/pith/takeaddr.c:1093:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((used + strlen(encoded) + 1) > space){
data/alpine-2.24+dfsg1/pith/takeaddr.c:1099:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
strncat(addrs, ",", space+1-1-strlen(addrs));
data/alpine-2.24+dfsg1/pith/takeaddr.c:1099:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(addrs, ",", space+1-1-strlen(addrs));
data/alpine-2.24+dfsg1/pith/takeaddr.c:1103:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(addrs, encoded, space+1-1-strlen(addrs));
data/alpine-2.24+dfsg1/pith/takeaddr.c:1103:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(addrs, encoded, space+1-1-strlen(addrs));
data/alpine-2.24+dfsg1/pith/takeaddr.c:1105:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
used += (strlen(encoded) + 1);
data/alpine-2.24+dfsg1/pith/takeaddr.c:1548:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(cset);
data/alpine-2.24+dfsg1/pith/takeaddr.c:1569:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(enc);
data/alpine-2.24+dfsg1/pith/takeaddr.c:1621:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(p = inc + strlen(inc) - 1; *p && p >= inc &&
data/alpine-2.24+dfsg1/pith/takeaddr.c:1651:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(nf, inc, MIN(nbuf - (add_quotes ? 3 : 1), nbuf-(nf-new_full)-1));
data/alpine-2.24+dfsg1/pith/takeaddr.c:1654:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
strncat(nf, "\"", nbuf-(nf-new_full)-1);
data/alpine-2.24+dfsg1/pith/takeaddr.c:1689:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(new_full, inc, nbuf-1);
data/alpine-2.24+dfsg1/pith/takeaddr.c:1728:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen(text),
data/alpine-2.24+dfsg1/pith/takeaddr.c:1743:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen(text),
data/alpine-2.24+dfsg1/pith/tempfile.c:47:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(dir, filename, MIN(to_copy, sizeof(dir)-1));
data/alpine-2.24+dfsg1/pith/tempfile.c:86:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(*dir ? !strncmp(dir, path, strlen(dir)) : 0);
data/alpine-2.24+dfsg1/pith/text.c:479:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = &buf[strlen(buf)];
data/alpine-2.24+dfsg1/pith/text.c:516:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p = strlen(p + 1);
data/alpine-2.24+dfsg1/pith/text.c:619:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lp) < len)
data/alpine-2.24+dfsg1/pith/text.c:661:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(cestart, color_embed(col->fg, col->bg), sizeof(cestart));
data/alpine-2.24+dfsg1/pith/text.c:663:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(ceend, color_embed(ps_global->VAR_NORM_FORE_COLOR,
data/alpine-2.24+dfsg1/pith/text.c:673:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:673:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:673:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:679:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:679:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:679:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:684:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:684:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:684:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:689:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:689:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:689:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-strlen(cestart)-strlen(ceend)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:693:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:697:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp)-2 > ps_global->ttyo->screen_cols){
data/alpine-2.24+dfsg1/pith/text.c:708:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ins = gf_line_test_new_ins(ins, line, tmp, strlen(tmp));
data/alpine-2.24+dfsg1/pith/text.c:720:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(*dq->saved_line));
data/alpine-2.24+dfsg1/pith/text.c:741:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dq->saved_line = fs_get(strlen(line) + 3);
data/alpine-2.24+dfsg1/pith/text.c:742:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(*dq->saved_line, strlen(line)+3, "%s\r\n", line);
data/alpine-2.24+dfsg1/pith/text.c:781:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/alpine-2.24+dfsg1/pith/text.c:783:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ins = gf_line_test_new_ins(ins, line+len, converted, strlen(converted));
data/alpine-2.24+dfsg1/pith/text.c:826:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(prefix))
data/alpine-2.24+dfsg1/pith/text.c:827:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ins = gf_line_test_new_ins(ins, lp, prefix, strlen(prefix));
data/alpine-2.24+dfsg1/pith/text.c:840:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lp) < len)
data/alpine-2.24+dfsg1/pith/text.c:850:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ins = gf_line_test_new_ins(ins, lp - 1, last_prefix, strlen(last_prefix));
data/alpine-2.24+dfsg1/pith/text.c:886:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(line);
data/alpine-2.24+dfsg1/pith/url.c:377:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = d = (char *)fs_get((3*strlen(s) + 1) * sizeof(char));
data/alpine-2.24+dfsg1/regex/engine.c:159:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
stop = start + strlen(start);
data/alpine-2.24+dfsg1/regex/regcomp.c:202:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)pattern);
data/alpine-2.24+dfsg1/regex/regcomp.c:834:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (u = cp->multis; *u != '\0'; u += strlen(u) + 1)
data/alpine-2.24+dfsg1/regex/regcomp.c:1222:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
cs->smultis += strlen(cp) + 1;
data/alpine-2.24+dfsg1/regex/regcomp.c:1244:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
register size_t len = strlen(fp);
data/alpine-2.24+dfsg1/regex/regcomp.c:1282:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = cs->multis; *p != '\0'; p += strlen(p) + 1)
data/alpine-2.24+dfsg1/regex/regerror.c:136:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(convbuf) < sizeof(convbuf));
data/alpine-2.24+dfsg1/regex/regerror.c:142:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/alpine-2.24+dfsg1/regex/regerror.c:147:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
(void) strncpy(errbuf, s, errbuf_size-1);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:638:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sname[l = strlen(sname) - 1] == '\n')
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:708:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while((n = read(cs, buf + o, bl - o - 1)) > 0){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:826:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0, n = strlen(s); n; n = n - i)
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1465:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sig = (char *) fs_get((strlen(*apval ? *apval : "") + 1) * sizeof(char));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1761:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(varname) < 200 ? varname : "");
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1860:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n", SIG_MAX_COLS, line);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:1860:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n", SIG_MAX_COLS, line);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2033:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((text = help_name2section(helpname, strlen(helpname)))
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2043:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(helpname) < 200 ? helpname : "");
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2064:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(helpname) < 200 ? function : "");
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:2519:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sig = (char *) fs_get((strlen(*apval ? *apval : "") + 1) * sizeof(char));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3125:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(tpath, (ctxt->context[0] == '{'
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3161:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n", SIG_MAX_COLS, line);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3161:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n", SIG_MAX_COLS, line);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3628:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) >
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3628:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) >
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3628:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) >
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3628:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) >
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3633:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(3 + strlen(nick) + strlen(server) + strlen(path) +
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3633:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(3 + strlen(nick) + strlen(server) + strlen(path) +
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3633:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(3 + strlen(nick) + strlen(server) + strlen(path) +
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3634:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(view) > MAILTMPLEN + 4){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3640:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(nick) ? " " : "",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3805:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3805:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3811:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3811:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(wtmp_20k_buf + strlen(wtmp_20k_buf), SIZEOF_20KBUF - strlen(wtmp_20k_buf), "%.*s\n",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:3824:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = fwrite(sig, strlen(sig), 1, fp);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4386:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy((char *) wps_global->smime->passphrase, passphrase,
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4556:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(portion);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4563:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(portion);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:4686:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(tpath, (cp->context[0] == '{'
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:6907:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(text) < 1024){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:6982:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(year) == 4
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:6999:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((month = Tcl_GetStringFromObj(objp, NULL)) && strlen(month) == 3)
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8446:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(b + strlen(b), "%2.2x", color);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8823:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(field_name);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:8828:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(buf, newsgrps, MIN(next_ng - newsgrps, sizeof(buf)-1));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:9648:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(prefix), prefix,
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10217:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tag = (cp->nickname && strlen(cp->nickname)) ? cp->nickname : (cp->label && strlen(cp->label)) ? cp->label : "Folders";
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10217:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tag = (cp->nickname && strlen(cp->nickname)) ? cp->nickname : (cp->label && strlen(cp->label)) ? cp->label : "Folders";
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10223:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(folder) > 15) ? "..." : "",
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10225:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tag) > 15) ? "..." : "");
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10233:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(folder) > 27) ? "..." : "");
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10242:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
strncat(wtmp_20k_buf, " and deleted", SIZEOF_20KBUF-strlen(wtmp_20k_buf)-1);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10242:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(wtmp_20k_buf, " and deleted", SIZEOF_20KBUF-strlen(wtmp_20k_buf)-1);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10429:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(ptype) + strlen(psubtype) + 1;
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10429:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(ptype) + strlen(psubtype) + 1;
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10557:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sObj = Tcl_NewStringObj(p, strlen(p));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:10904:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(pine_state->inbox_name, INBOX_NAME, sizeof(pine_state->inbox_name));
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11157:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(objv[0] && (to = Tcl_GetStringFromObj(objv[0], NULL)) && strlen(to)){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11311:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cp->textbuf && strlen(cp->textbuf)){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11940:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(wtmp_20k_buf, cp->name, SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11954:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(wtmp_20k_buf, cp->name, SIZEOF_20KBUF);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:11977:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply->prefix ? int2string(strlen(reply->prefix))
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13172:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(addrstr);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13181:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(toaddr.arg.str, tstr1, l);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13332:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
qstr1len = strlen(tres->str) + 3;
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13338:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
: strlen(tstr1)) == 0){
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13340:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(newaddr) + strlen(tres->str) + 2
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13340:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(newaddr) + strlen(tres->str) + 2
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13341:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (tstr2 ? strlen(tstr2) : 0);
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13412:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(query) >= 5) ? ALC_INCLUDE_LDAP : 0) |
data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13488:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (4*strlen(astr) + 1) * sizeof(char); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13681:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tbuflen = strlen(addrfield); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13691:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tbuf, addrs[adri], tbuflen+128); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:13698:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addrs[adri], strlen(addrs[adri]) > 10 ? data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14263:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += (strlen(*l2) + 1); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14272:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l1, *l2, length+1-(l1-list)); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14273:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 += strlen(l1); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14329:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(adr2->personal) + strlen(ae->fullname) + 4; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14329:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(adr2->personal) + strlen(ae->fullname) + 4; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14472:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wps_global->cur_folder, data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14728:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) > data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14728:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) > data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14728:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) > data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14728:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(nick)+strlen(server)+strlen(path)+strlen(view) > data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14736:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(3 + strlen(nick) + strlen(server) + strlen(path) + data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14736:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(3 + strlen(nick) + strlen(server) + strlen(path) + data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14736:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(3 + strlen(nick) + strlen(server) + strlen(path) + data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14737:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(view) > MAILTMPLEN + 4){ data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14745:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(nick) ? " " : "", data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:14766:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wps_global->cur_folder, data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15708:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path2, fcc, sizeof(path2)-1); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15710:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tmp, month_abbrev((month_to_use % 12)+1), sizeof(tmp)-1); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15713:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%.20s-%d", tmp, month_to_use/12); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15713:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(path2 + strlen(path2), sizeof(path2)-strlen(path2), "-%.20s-%d", tmp, month_to_use/12); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15778:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tbuf, p, min(50, p2-p)); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15784:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tbuf, p, min(50, p2-p)); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15788:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tbuf, p, 50); data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15812:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(hexcolor) > 6) return 1; data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15889:57: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
if ((elt = mail_elt (ap->stream,ap->msgno))->seen) {strncat (t," \\Seen", sizeof(tmp)-(t-tmp)-1); tmp[sizeof(tmp)-1] = '\0';} data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15890:24: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. if (elt->deleted) {strncat (t," \\Deleted", sizeof(tmp)-(t-tmp)-1); tmp[sizeof(tmp)-1] = '\0';} data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15891:24: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. if (elt->flagged) {strncat (t," \\Flagged", sizeof(tmp)-(t-tmp)-1); tmp[sizeof(tmp)-1] = '\0';} data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15892:25: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. if (elt->answered) {strncat (t," \\Answered", sizeof(tmp)-(t-tmp)-1); tmp[sizeof(tmp)-1] = '\0';} data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15893:22: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
if (elt->draft) {strncat (t," \\Draft", sizeof(tmp)-(t-tmp)-1); tmp[sizeof(tmp)-1] = '\0';} data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15895:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((MAILTMPLEN - ((t += strlen (t)) - tmp)) > (long) data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15896:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (2 + strlen data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:15900:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (t,t1,sizeof(tmp)-(t-tmp)); /* copy the user flag */ data/alpine-2.24+dfsg1/web/src/alpined.d/alpined.c:16218:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(tcp_sout(tcp_stream, wtmp_20k_buf, strlen(wtmp_20k_buf))){ data/alpine-2.24+dfsg1/web/src/alpined.d/busy.c:31:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(msg+1, "Moved", 5); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:350:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx", RGBLEN); /* RGBLEN is 11 */ data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:351:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = strlen(colorName); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:352:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(c_to_a_buf[whichbuf], colorName, (i < RGBLEN) ? i : RGBLEN); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:469:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _nfcolor = (char *)malloc(strlen(s)+1); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:485:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _nbcolor = (char *)malloc(strlen(s)+1); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:500:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rfcolor = (char *)malloc(strlen(s)+1); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:520:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rbcolor = (char *)malloc(strlen(s)+1); data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:606:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((_last_fg_color = (char *) malloc(strlen(s) + 1)) != NULL) data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:635:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((_last_bg_color = (char *) malloc(strlen(s) + 1)) != NULL) data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:662:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((ret = (char *)malloc(strlen(_last_fg_color)+1)) != NULL) data/alpine-2.24+dfsg1/web/src/alpined.d/color.c:674:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((ret = (char *)malloc(strlen(_last_bg_color)+1)) != NULL) data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:115:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(message, string, sizeof(message)); data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:135:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps_global->c_client_error, message, sizeof(ps_global->c_client_error)); data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:148:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps_global->last_error, message, sizeof(ps_global->last_error)); data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:189:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps_global->last_error, string, 500); data/alpine-2.24+dfsg1/web/src/alpined.d/imap.c:264:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((l = strlen(mb->orighost)) > 0 && l < CRED_REQ_SIZE) data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:96:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(lbuf); data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:113:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((n = read(s, buf, READBUF)) > 0) data/alpine-2.24+dfsg1/web/src/alpined.d/wpcomm.c:187:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(l + (i = strlen(rbuf)) > RESULT_MAX) data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:67:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf.length = strlen (buf.value = tmp) + 1; data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:102:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s = read(fd,(char*)buf + total,size - total); data/alpine-2.24+dfsg1/web/src/pubcookie/auth_gss_proxy.c:284:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf.length = strlen (buf.value = tmp) + 1; data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:125:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(name && strlen(name)){ data/alpine-2.24+dfsg1/web/src/pubcookie/id_table.c:162:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(name); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:41:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pw->pw_name); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:54:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s = read(fd,(char*)buf + total,size - total); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:81:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(str); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:88:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(size = strlen(str)) if(write_full(1,str,size) == -1) { data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:234:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf.length = strlen(argv[1]); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_gssapi_proxy.c:309:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf.length = 4 + (user ? strlen(user) : 0); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:84:15: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
case 'u': umask(strtol(optarg,NULL,0)); break; data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:245:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(sbuf + strlen(sbuf), "%u,", kbuf[i]); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:247:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(sbuf + strlen(sbuf) - 1, "]): %s\n",sep); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper.c:274:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). siov[0].iov_len = strlen(siov[0].iov_base); data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper_lib.c:78:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out[2].iov_len = name ? strlen(name) : 0; data/alpine-2.24+dfsg1/web/src/pubcookie/wp_uidmapper_lib.c:165:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(cname) + 1; /* skip cname and equals */

ANALYSIS SUMMARY:

Hits = 11081
Lines analyzed = 535820 in approximately 15.34 seconds (34926 lines/second)
Physical Source Lines of Code (SLOC) = 375790
Hits@level = [0] 2336 [1] 4755 [2] 4624 [3] 185 [4] 1500 [5] 17
Hits@level+ = [0+] 13417 [1+] 11081 [2+] 6326 [3+] 1702 [4+] 1517 [5+] 17
Hits/KSLOC@level+ = [0+] 35.7035 [1+] 29.4872 [2+] 16.8339 [3+] 4.52913 [4+] 4.03683 [5+] 0.045238
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.