Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/altermime-0.3.10/mime_alter.h
Examining data/altermime-0.3.10/logger.c
Examining data/altermime-0.3.10/logger.h
Examining data/altermime-0.3.10/ffget.h
Examining data/altermime-0.3.10/pldstr.h
Examining data/altermime-0.3.10/filename-filters.c
Examining data/altermime-0.3.10/filename-filters.h
Examining data/altermime-0.3.10/MIME_headers.h
Examining data/altermime-0.3.10/libmime-decoders.c
Examining data/altermime-0.3.10/libmime-decoders.h
Examining data/altermime-0.3.10/boundary-stack.c
Examining data/altermime-0.3.10/boundary-stack.h
Examining data/altermime-0.3.10/strstack.c
Examining data/altermime-0.3.10/strstack.h
Examining data/altermime-0.3.10/qpe.h
Examining data/altermime-0.3.10/mime_alter.c
Examining data/altermime-0.3.10/ffget.c
Examining data/altermime-0.3.10/pldstr.c
Examining data/altermime-0.3.10/qpe.c
Examining data/altermime-0.3.10/MIME_headers.c
Examining data/altermime-0.3.10/altermime.c
FINAL RESULTS:
data/altermime-0.3.10/logger.c:301:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tmpoutput, format, ptr);
data/altermime-0.3.10/logger.c:303:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tmpoutput,sizeof(tmpoutput),format,ptr);
data/altermime-0.3.10/mime_alter.c:1546:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lline,line);
data/altermime-0.3.10/mime_alter.c:2777:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lline,"%s\"%s%d\"\n",line,removed_prefix,removed_count); /* create a new string, in lline (scratch pad)*/
data/altermime-0.3.10/mime_alter.c:2778:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line,lline);
data/altermime-0.3.10/pldstr.c:738:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (p, size, format, ap);
data/altermime-0.3.10/MIME_headers.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MIMEH_defect_description_array[_MIMEH_DEFECT_ARRAY_SIZE];
data/altermime-0.3.10/MIME_headers.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char doubleCRname[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char appledouble_filename[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_dir[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.c:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/altermime-0.3.10/MIME_headers.c:687:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname,"r");
data/altermime-0.3.10/MIME_headers.c:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conditions[7][16] = { "received", "from", "subject", "date", "content", "boundary" };
data/altermime-0.3.10/MIME_headers.c:793:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(glb.doubleCRname,"w");
data/altermime-0.3.10/MIME_headers.c:1079:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[_MIMEH_STRLEN_MAX+1];
data/altermime-0.3.10/MIME_headers.c:1228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((glb.headerline +totalsize), linestart, (linesize));
data/altermime-0.3.10/MIME_headers.c:2870:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/altermime-0.3.10/MIME_headers.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type_string[ _MIMEH_CONTENT_TYPE_MAX +1 ];
data/altermime-0.3.10/MIME_headers.h:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_description_string[ _MIMEH_CONTENT_DESCRIPTION_MAX +1 ];
data/altermime-0.3.10/MIME_headers.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject[_MIMEH_SUBJECTLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[_MIMEH_FILENAMELEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageid[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char received[_MIMEH_STRLEN_MAX +1];
data/altermime-0.3.10/MIME_headers.h:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_transfer_encoding_string[ _MIMEH_CONTENT_TRANSFER_ENCODING_MAX +1 ];
data/altermime-0.3.10/MIME_headers.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_disposition_string[ _MIMEH_CONTENT_DISPOSITION_MAX +1 ];
data/altermime-0.3.10/MIME_headers.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uudec_name[_MIMEH_FILENAMELEN_MAX +1]; // UUDecode name. This is a post-decode information field.
data/altermime-0.3.10/MIME_headers.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimeter[3];
data/altermime-0.3.10/MIME_headers.h:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailpack_name[1024];
data/altermime-0.3.10/boundary-stack.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundarystacksafe[BS_STRLEN_MAX];
data/altermime-0.3.10/boundary-stack.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testspace[128]; // was 1024
data/altermime-0.3.10/ffget.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->buffer,buffer,size);
data/altermime-0.3.10/ffget.c:626:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, f->startpoint, max_size +1);//+1
data/altermime-0.3.10/ffget.c:643:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, f->startpoint, chardiff +1);
data/altermime-0.3.10/ffget.h:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FFGET_BUFFER_MAX+4];
data/altermime-0.3.10/ffget.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastbreak[10];
data/altermime-0.3.10/filename-filters.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/altermime-0.3.10/filename-filters.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/altermime-0.3.10/libmime-decoders.c:31:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b64[256]={
data/altermime-0.3.10/libmime-decoders.c:54:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char hexconv[256]={
data/altermime-0.3.10/libmime-decoders.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[3]; /* The 4->3 byte output array */
data/altermime-0.3.10/libmime-decoders.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[4]; /* The 4->3 byte input array */
data/altermime-0.3.10/libmime-decoders.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoding_charset[ MDECODE_ISO_CHARSET_SIZE_MAX ];
data/altermime-0.3.10/logger.c:107:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_LOGGER_outf = fopen(lfname,"a");
data/altermime-0.3.10/logger.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpoutput[10240];
data/altermime-0.3.10/mime_alter.c:36:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AM_encode64[64]={
data/altermime-0.3.10/mime_alter.c:44:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b64[256]={
data/altermime-0.3.10/mime_alter.c:734:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inbuf[3];
data/altermime-0.3.10/mime_alter.c:735:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outbuf[4];
data/altermime-0.3.10/mime_alter.c:814:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen( enc_fname, "rb" );
data/altermime-0.3.10/mime_alter.c:821:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen ( out_fname, "wb" );
data/altermime-0.3.10/mime_alter.c:864:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outbuf[4];
data/altermime-0.3.10/mime_alter.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[3]; /* The 4->3 byte output array */
data/altermime-0.3.10/mime_alter.c:957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[4]; /* The 4->3 byte input array */
data/altermime-0.3.10/mime_alter.c:1181:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen( in_fname, "rb" );
data/altermime-0.3.10/mime_alter.c:1188:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen ( out_fname, "wb" );
data/altermime-0.3.10/mime_alter.c:1240:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen( in_fname, "rb" );
data/altermime-0.3.10/mime_alter.c:1383:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname,"r");
data/altermime-0.3.10/mime_alter.c:1499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:1501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:1647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:1937:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:1941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b64_raw_fname[128];
data/altermime-0.3.10/mime_alter.c:1953:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
b64_raw_file = fopen(b64_raw_fname, "w");
data/altermime-0.3.10/mime_alter.c:2135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:2249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:2430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:2431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mpacktmp[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:2432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mpackold[AM_1K_BUFFER_SIZE+1]="";
data/altermime-0.3.10/mime_alter.c:2448:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newf = fopen(mpacktmp,"w");
data/altermime-0.3.10/mime_alter.c:2449:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mp = fopen(mpackname,"r");
data/altermime-0.3.10/mime_alter.c:2769:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[AM_1K_BUFFER_SIZE];
data/altermime-0.3.10/mime_alter.c:2901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/altermime-0.3.10/mime_alter.c:3063:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[256];
data/altermime-0.3.10/mime_alter.c:3064:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldfname[256];
data/altermime-0.3.10/mime_alter.c:3084:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfile = fopen( mpackname, "r" );
data/altermime-0.3.10/mime_alter.c:3097:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputfile = fopen( tmpfname, "w" );
data/altermime-0.3.10/mime_alter.c:3186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:3187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpn[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:3261:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(tpn,"w");
data/altermime-0.3.10/mime_alter.c:3270:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = fopen(fname,"r");
data/altermime-0.3.10/mime_alter.c:3355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:3356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpn[ AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:3397:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(tpn,"w");
data/altermime-0.3.10/mime_alter.c:3405:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = fopen(filename,"r");
data/altermime-0.3.10/mime_alter.c:3450:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_line[AM_1K_BUFFER_SIZE +1];
data/altermime-0.3.10/mime_alter.c:3617:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CTE_string[256];
data/altermime-0.3.10/mime_alter.c:3663:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newatt = fopen( new_attachment_name, "r" );
data/altermime-0.3.10/mime_alter.c:3708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/altermime-0.3.10/mime_alter.c:4012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[256];
data/altermime-0.3.10/mime_alter.c:4013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldfname[256];
data/altermime-0.3.10/mime_alter.c:4029:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfile = fopen( mpackname, "r" );
data/altermime-0.3.10/mime_alter.c:4037:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputfile = fopen( tmpfname, "w" );
data/altermime-0.3.10/mime_alter.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[1024];
data/altermime-0.3.10/mime_alter.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textpos[1024];
data/altermime-0.3.10/mime_alter.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmlpos[1024];
data/altermime-0.3.10/mime_alter.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ldelimeter[3];
data/altermime-0.3.10/mime_alter.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *headerbuffer[ AM_HEADERBUFFER_MAX ]; // 100 lines for the header buffers
data/altermime-0.3.10/qpe.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paragraph[100], *pp;
data/altermime-0.3.10/qpe.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charout[4];
data/altermime-0.3.10/qpe.c:163:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( fname, "r" );
data/altermime-0.3.10/strstack.h:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datastacksafe[SS_STRLEN_MAX];
data/altermime-0.3.10/MIME_headers.c:1121:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linesize = strlen(linestart);
data/altermime-0.3.10/MIME_headers.c:1142:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (MIMEH_DNORMAL) LOGGER_log("MIMEH_read_headers:DEBUG:Data-In:[%d:%d] '%s'", strlen(linestart), linesize, linestart);
data/altermime-0.3.10/MIME_headers.c:1453:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_start = buffer +strlen(buffer);
data/altermime-0.3.10/MIME_headers.c:1454:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_size -= strlen(buffer);
data/altermime-0.3.10/MIME_headers.c:1508:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(q);
data/altermime-0.3.10/MIME_headers.c:1520:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q_len = strlen(q);
data/altermime-0.3.10/MIME_headers.c:1589:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(hl,searchstr,strlen(searchstr))==0) p = hl; else p = NULL;
data/altermime-0.3.10/MIME_headers.c:1605:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string = p -hl +data +strlen(searchstr);
data/altermime-0.3.10/MIME_headers.c:1643:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
before_string = string -1 -strlen(searchstr);
data/altermime-0.3.10/MIME_headers.c:1704:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endchar = string +strlen(string) -1;
data/altermime-0.3.10/MIME_headers.c:1802:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((*string == '\"')&&(*(string +strlen(string)-1) == '\"'))
data/altermime-0.3.10/MIME_headers.c:1803:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| ((*string == '\'')&&(*(string +strlen(string)-1) == '\'')) )
data/altermime-0.3.10/MIME_headers.c:1805:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(string) -2;
data/altermime-0.3.10/MIME_headers.c:1864:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(prefix_name);
data/altermime-0.3.10/MIME_headers.c:2008:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(glb.appledouble_filename)>0)
data/altermime-0.3.10/MIME_headers.c:2116:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (SS_cmp(&(hinfo->ss_names), hinfo->name, strlen(hinfo->name))==NULL)
data/altermime-0.3.10/MIME_headers.c:2121:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SS_push(&(hinfo->ss_names),hinfo->name,strlen(hinfo->name));
data/altermime-0.3.10/MIME_headers.c:2244:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SS_push(&(hinfo->ss_filenames), hinfo->filename, strlen(hinfo->filename));
data/altermime-0.3.10/MIME_headers.c:2479:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SS_push(&(hinfo->ss_filenames), hinfo->name, strlen(hinfo->name));
data/altermime-0.3.10/MIME_headers.c:2547:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(tokenstr);
data/altermime-0.3.10/MIME_headers.c:2734:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerlength = strlen(h);
data/altermime-0.3.10/MIME_headers.c:2885:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(hinfo->content_transfer_encoding_string) < 1)
data/altermime-0.3.10/altermime.c:135:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->input_file = p +strlen("input=");
data/altermime-0.3.10/altermime.c:149:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p,"multipart-insert", strlen("multipart-insert"))==0)
data/altermime-0.3.10/altermime.c:154:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(p,"pretext=",strlen("pretext="))==0) {
data/altermime-0.3.10/altermime.c:155:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->pretext_file = p +strlen("pretext=");
data/altermime-0.3.10/altermime.c:160:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->pretext_html_file = p +strlen("pretext-html=");
data/altermime-0.3.10/altermime.c:169:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->disclaimer_file = p +strlen("disclaimer=");
data/altermime-0.3.10/altermime.c:174:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->disclaimer_html_file = p +strlen("disclaimer-html=");
data/altermime-0.3.10/altermime.c:178:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p,"disclaimer-b64=",strlen("disclaimer-b64="))==0) {
data/altermime-0.3.10/altermime.c:179:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->disclaimer_b64_file = p +strlen("disclaimer-b64=");
data/altermime-0.3.10/altermime.c:185:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->remove_filename = p +strlen("remove=");
data/altermime-0.3.10/altermime.c:202:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->replace = p +strlen("replace=");
data/altermime-0.3.10/altermime.c:206:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->with = p +strlen("with=");
data/altermime-0.3.10/altermime.c:210:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->xheader = p +strlen("xheader=");
data/altermime-0.3.10/altermime.c:228:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p, "alter-header", strlen("alter-header"))==0) {
data/altermime-0.3.10/altermime.c:229:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->alter_header = p +strlen("alter-header=");
data/altermime-0.3.10/altermime.c:231:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(p, "alter-with", strlen("alter-with"))==0) {
data/altermime-0.3.10/altermime.c:232:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb->alter_with = p +strlen("alter-with=");
data/altermime-0.3.10/altermime.c:234:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(p, "alter-mode", strlen("alter-mode"))==0) {
data/altermime-0.3.10/altermime.c:235:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p +strlen("alter-mode=");
data/altermime-0.3.10/altermime.c:239:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp( q, "prefix", strlen("prefix"))==0) { glb->alter_mode = AM_HEADER_ADJUST_MODE_PREFIX; }
data/altermime-0.3.10/altermime.c:240:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp( q, "suffix", strlen("suffix"))==0) { glb->alter_mode = AM_HEADER_ADJUST_MODE_SUFFIX; }
data/altermime-0.3.10/altermime.c:241:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp( q, "replace", strlen("replace"))==0) { glb->alter_mode = AM_HEADER_ADJUST_MODE_REPLACE; }
data/altermime-0.3.10/altermime.c:244:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p, "log-stdout",strlen("log-stdout"))==0) { LOGGER_set_output_mode(_LOGGER_STDOUT); }
data/altermime-0.3.10/altermime.c:245:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p, "log-stderr",strlen("log-stderr"))==0) { LOGGER_set_output_mode(_LOGGER_STDERR); }
data/altermime-0.3.10/altermime.c:246:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(p, "log-syslog",strlen("log-syslog"))==0) { LOGGER_set_output_mode(_LOGGER_SYSLOG); LOGGER_set_syslog_mode( LOG_MAIL|LOG_INFO ); }
data/altermime-0.3.10/boundary-stack.c:268:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glb.boundarystack->boundary_length = strlen(glb.boundarystack->boundary);
data/altermime-0.3.10/ffget.c:501:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextchar = c = fgetc(f->f);
data/altermime-0.3.10/ffget.c:675:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->lastchar = line[strlen(line) -1];
data/altermime-0.3.10/filename-filters.c:188:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnl = strlen(fname);
data/altermime-0.3.10/filename-filters.c:277:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FNFILTER_paranoid_filter( fname, strlen( fname ) );
data/altermime-0.3.10/libmime-decoders.c:144:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int realm_size = strlen( short64 );
data/altermime-0.3.10/libmime-decoders.c:226:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(line); /* Length of our line */
data/altermime-0.3.10/libmime-decoders.c:356:110: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DMD LOGGER_log("%s:%d:MDECODE_decode_quoted_printable:DEBUG: Output = '%s' Output length = %d\n", FL, line, strlen(line));
data/altermime-0.3.10/libmime-decoders.c:378:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (glb.decode_qp == 0) return strlen(line);
data/altermime-0.3.10/libmime-decoders.c:447:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iso_end = strchr( iso_start +strlen("=?"), '?' ); // Jump past the encoding
data/altermime-0.3.10/libmime-decoders.c:459:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iso = iso_start +strlen("=?");
data/altermime-0.3.10/logger.c:194:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen( string );
data/altermime-0.3.10/logger.c:308:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( output[strlen(output)-1] == '\n' ) {
data/altermime-0.3.10/logger.c:315:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( output[strlen(output)-1] == '\n' ) { lineend = nolinebreak; } else { lineend = linebreak; }
data/altermime-0.3.10/mime_alter.c:341:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(glb.headerbuffer[glb.headerbuffermax], headerline, AM_HEADERBUFFER_ITEM_SIZE);
data/altermime-0.3.10/mime_alter.c:866:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chars = strlen(buffer);
data/altermime-0.3.10/mime_alter.c:1311:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo.filename) > 0) dd->isfile = 1;
data/altermime-0.3.10/mime_alter.c:1312:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo.name) > 0) dd->isfile = 1;
data/altermime-0.3.10/mime_alter.c:1442:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qp_data_size = strlen(data_to_use) *3 +1;
data/altermime-0.3.10/mime_alter.c:1448:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qp_encode( qp_data, qp_data_size, data_to_use, strlen(data_to_use));
data/altermime-0.3.10/mime_alter.c:1510:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
boundary_length = strlen(boundary);
data/altermime-0.3.10/mime_alter.c:1688:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (BS_cmp(buffer,strlen(buffer))==1) )
data/altermime-0.3.10/mime_alter.c:1763:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AM_base64_decode_buffer( dd->disclaimer_text_b64, strlen(dd->disclaimer_text_b64));
data/altermime-0.3.10/mime_alter.c:1806:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size = strlen(dd->disclaimer_text_plain) +strlen(buffer) +1;
data/altermime-0.3.10/mime_alter.c:1806:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size = strlen(dd->disclaimer_text_plain) +strlen(buffer) +1;
data/altermime-0.3.10/mime_alter.c:1978:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( BS_cmp(line,strlen(line))==1 )
data/altermime-0.3.10/mime_alter.c:2007:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AM_base64_encode_buffer_to_FILE( new_b64_buffer, strlen(new_b64_buffer), newf );
data/altermime-0.3.10/mime_alter.c:2053:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( BS_cmp(line,strlen(line))==1 )
data/altermime-0.3.10/mime_alter.c:2074:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AM_base64_encode_buffer_to_FILE( new_b64_buffer, strlen(new_b64_buffer), newf );
data/altermime-0.3.10/mime_alter.c:2100:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( BS_cmp(line,strlen(line))==1 ) {
data/altermime-0.3.10/mime_alter.c:2311:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( BS_cmp(line,strlen(line))==1 )
data/altermime-0.3.10/mime_alter.c:2330:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qp_data_size = strlen(dd->disclaimer_text_plain) *3 +1;
data/altermime-0.3.10/mime_alter.c:2336:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qp_encode( qp_data, qp_data_size, dd->disclaimer_text_plain, strlen(dd->disclaimer_text_plain));
data/altermime-0.3.10/mime_alter.c:2407:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( BS_cmp(line,strlen(line))==1 ) {
data/altermime-0.3.10/mime_alter.c:2814:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
segment_end = segment_start +strlen( header_name );
data/altermime-0.3.10/mime_alter.c:2956:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo->filename) > 0)
data/altermime-0.3.10/mime_alter.c:2961:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((regresult != 0)&&(strlen(hinfo->name) > 0))
data/altermime-0.3.10/mime_alter.c:2968:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo->content_type_string) > 0)
data/altermime-0.3.10/mime_alter.c:3001:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(original_ptr);
data/altermime-0.3.10/mime_alter.c:3025:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buffer_len = strlen(buffer);
data/altermime-0.3.10/mime_alter.c:3211:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) < 1) {
data/altermime-0.3.10/mime_alter.c:3216:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xheader) < 1) {
data/altermime-0.3.10/mime_alter.c:3236:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tpn) < (sizeof(tpn) -2))
data/altermime-0.3.10/mime_alter.c:3242:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tpn,"X");
data/altermime-0.3.10/mime_alter.c:3374:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tpn) < (sizeof(tpn) -2))
data/altermime-0.3.10/mime_alter.c:3376:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tpn,"X");
data/altermime-0.3.10/mime_alter.c:3615:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo->content_transfer_encoding_string) < 1)
data/altermime-0.3.10/mime_alter.c:3780:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hinfo->filename) > 0)
data/altermime-0.3.10/mime_alter.c:3799:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bl = strlen(original_ptr);
data/altermime-0.3.10/mime_alter.c:3911:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buffer);
data/altermime-0.3.10/pldstr.c:420:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_length = strlen( replace_details->source );
data/altermime-0.3.10/pldstr.c:422:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchfor_length = strlen(replace_details->searchfor);
data/altermime-0.3.10/pldstr.c:423:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replacewith_length = strlen(replace_details->replacewith);
data/altermime-0.3.10/pldstr.c:428:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((replace_details->preexist != NULL)&&(strlen(replace_details->preexist) < 1)) replace_details->preexist = NULL;
data/altermime-0.3.10/pldstr.c:429:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((replace_details->postexist != NULL)&&(strlen(replace_details->postexist) < 1)) replace_details->postexist = NULL;
data/altermime-0.3.10/pldstr.c:455:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p +strlen(replace_details->postexist);
data/altermime-0.3.10/qpe.c:66:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineend += strlen(CRLF);
data/altermime-0.3.10/qpe.c:97:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op+= strlen(paragraph);// +3; /** jump the output + =\r\n **/
data/altermime-0.3.10/qpe.c:98:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_remaining-= (strlen(paragraph)); // Was +3, updated to fix Outlook problems
data/altermime-0.3.10/qpe.c:122:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op += (strlen(paragraph) +2);
data/altermime-0.3.10/qpe.c:123:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_remaining -= (strlen(paragraph) +2);
ANALYSIS SUMMARY:
Hits = 217
Lines analyzed = 12001 in approximately 0.32 seconds (36936 lines/second)
Physical Source Lines of Code (SLOC) = 5935
Hits@level = [0] 123 [1] 108 [2] 103 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 340 [1+] 217 [2+] 109 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 57.2873 [1+] 36.5628 [2+] 18.3656 [3+] 1.01095 [4+] 1.01095 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.