Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/anyremote-6.7.3/src/parse.h
Examining data/anyremote-6.7.3/src/gen_ar.c
Examining data/anyremote-6.7.3/src/pr_rfcomm.h
Examining data/anyremote-6.7.3/src/dispatcher.h
Examining data/anyremote-6.7.3/src/dispatcher.c
Examining data/anyremote-6.7.3/src/main.c
Examining data/anyremote-6.7.3/src/gen_html.c
Examining data/anyremote-6.7.3/src/loop.h
Examining data/anyremote-6.7.3/src/gen_html.h
Examining data/anyremote-6.7.3/src/queue.h
Examining data/anyremote-6.7.3/src/pr_serial.h
Examining data/anyremote-6.7.3/src/xemulate.h
Examining data/anyremote-6.7.3/src/timer.c
Examining data/anyremote-6.7.3/src/atsend.h
Examining data/anyremote-6.7.3/src/executor.c
Examining data/anyremote-6.7.3/src/pr_web.c
Examining data/anyremote-6.7.3/src/var.c
Examining data/anyremote-6.7.3/src/avahi.c
Examining data/anyremote-6.7.3/src/peer.c
Examining data/anyremote-6.7.3/src/common.h
Examining data/anyremote-6.7.3/src/pr_l2cap.c
Examining data/anyremote-6.7.3/src/pr_frontend.h
Examining data/anyremote-6.7.3/src/pr_btspp.c
Examining data/anyremote-6.7.3/src/state.c
Examining data/anyremote-6.7.3/src/cmds.h
Examining data/anyremote-6.7.3/src/mutex.c
Examining data/anyremote-6.7.3/src/gen_ar.h
Examining data/anyremote-6.7.3/src/hash.c
Examining data/anyremote-6.7.3/src/timer.h
Examining data/anyremote-6.7.3/src/conf.h
Examining data/anyremote-6.7.3/src/mode.c
Examining data/anyremote-6.7.3/src/sys_util.c
Examining data/anyremote-6.7.3/src/pr_l2cap.h
Examining data/anyremote-6.7.3/src/pr_btspp.h
Examining data/anyremote-6.7.3/src/var.h
Examining data/anyremote-6.7.3/src/utils.h
Examining data/anyremote-6.7.3/src/security.c
Examining data/anyremote-6.7.3/src/btio.c
Examining data/anyremote-6.7.3/src/avahi.h
Examining data/anyremote-6.7.3/src/thread.c
Examining data/anyremote-6.7.3/src/gen_xml.h
Examining data/anyremote-6.7.3/src/alarm.c
Examining data/anyremote-6.7.3/src/pr_stdin.h
Examining data/anyremote-6.7.3/src/parse.c
Examining data/anyremote-6.7.3/src/pr_web.h
Examining data/anyremote-6.7.3/src/queue.c
Examining data/anyremote-6.7.3/src/pr_socket.c
Examining data/anyremote-6.7.3/src/lib_wrapper.h
Examining data/anyremote-6.7.3/src/xemulate.c
Examining data/anyremote-6.7.3/src/list.h
Examining data/anyremote-6.7.3/src/utils.c
Examining data/anyremote-6.7.3/src/hash.h
Examining data/anyremote-6.7.3/src/peer.h
Examining data/anyremote-6.7.3/src/pr_rfcomm.c
Examining data/anyremote-6.7.3/src/gen_xml.c
Examining data/anyremote-6.7.3/src/alarm.h
Examining data/anyremote-6.7.3/src/ar_dbus.c
Examining data/anyremote-6.7.3/src/str.c
Examining data/anyremote-6.7.3/src/list.c
Examining data/anyremote-6.7.3/src/mutex.h
Examining data/anyremote-6.7.3/src/conf.c
Examining data/anyremote-6.7.3/src/str.h
Examining data/anyremote-6.7.3/src/pr_serial.c
Examining data/anyremote-6.7.3/src/thread.h
Examining data/anyremote-6.7.3/src/mode.h
Examining data/anyremote-6.7.3/src/pr_socket.h
Examining data/anyremote-6.7.3/src/pr_frontend.c
Examining data/anyremote-6.7.3/src/btio.h
Examining data/anyremote-6.7.3/src/ar_dbus.h
Examining data/anyremote-6.7.3/src/pr_stdin.c
Examining data/anyremote-6.7.3/src/atsend.c
Examining data/anyremote-6.7.3/src/cmds.c
Examining data/anyremote-6.7.3/src/loop.c
Examining data/anyremote-6.7.3/src/sys_util.h
Examining data/anyremote-6.7.3/src/executor.h
Examining data/anyremote-6.7.3/src/security.h
Examining data/anyremote-6.7.3/src/state.h
FINAL RESULTS:
data/anyremote-6.7.3/src/main.c:154:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(dd,conf.uid,conf.gid);
data/anyremote-6.7.3/src/utils.c:125:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(logfile,conf.uid,conf.gid);
data/anyremote-6.7.3/src/alarm.c:96:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"addAlarm() >%s< >%s<\n", file,macro);
data/anyremote-6.7.3/src/ar_dbus.c:133:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p.value,"%s",(data ? "true" : "false"));
data/anyremote-6.7.3/src/ar_dbus.c:514:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(retVals,"%s", (rb?"true":"false"));
data/anyremote-6.7.3/src/atsend.c:104:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(answer,tmp2);
data/anyremote-6.7.3/src/atsend.c:123:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Got expected %s (iteration %d)", answer, timeoutcounter);
data/anyremote-6.7.3/src/atsend.c:173:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd,cmer);
data/anyremote-6.7.3/src/atsend.c:199:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ckpd,"%s\"%s\"\r", DEF_AT_CKPD, key);
data/anyremote-6.7.3/src/atsend.c:211:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expect, DEF_CKEV);
data/anyremote-6.7.3/src/atsend.c:216:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expect, key);
data/anyremote-6.7.3/src/atsend.c:240:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expect, DEF_CKEV);
data/anyremote-6.7.3/src/atsend.c:245:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expect, key);
data/anyremote-6.7.3/src/atsend.c:341:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, start);
data/anyremote-6.7.3/src/atsend.c:361:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(clcc,DEF_AT_CLCC);
data/anyremote-6.7.3/src/atsend.c:385:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(clcc,DEF_AT_CLCC);
data/anyremote-6.7.3/src/atsend.c:429:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s\"%s\"\r", DEF_AT_CSCS, ptr);
data/anyremote-6.7.3/src/atsend.c:438:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s\r", DEF_AT_CGMI);
data/anyremote-6.7.3/src/atsend.c:449:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s\r", DEF_AT_CLIP);
data/anyremote-6.7.3/src/atsend.c:465:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s\r", DEF_AT_CMEC);
data/anyremote-6.7.3/src/atsend.c:555:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, callerId);
data/anyremote-6.7.3/src/btio.c:188:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(answer,tmp2);
data/anyremote-6.7.3/src/btio.c:201:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Got expected %s (iteration %d)", answer, timeoutcounter);
data/anyremote-6.7.3/src/btio.c:235:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "unix_open_port >%s<", port);
data/anyremote-6.7.3/src/btio.c:242:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "can not open UNIX %s", port);
data/anyremote-6.7.3/src/btio.c:254:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "can not open UNIX socket %s", port);
data/anyremote-6.7.3/src/cmds.c:382:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hookFile, t);
data/anyremote-6.7.3/src/cmds.c:388:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(hookFile, _hookNames[hook]);
data/anyremote-6.7.3/src/cmds.c:522:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[EX]: uploadPix file >%s<", fname);
data/anyremote-6.7.3/src/cmds.c:538:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fName,fname);
data/anyremote-6.7.3/src/cmds.c:575:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fBuffer, command);
data/anyremote-6.7.3/src/cmds.c:697:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fBuffer, command);
data/anyremote-6.7.3/src/cmds.c:838:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmptext, CMD_GET);
data/anyremote-6.7.3/src/cmds.c:840:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmptext, descr);
data/anyremote-6.7.3/src/cmds.c:895:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chunk,descr);
data/anyremote-6.7.3/src/cmds.c:967:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chunk,CMD_SET);
data/anyremote-6.7.3/src/cmds.c:970:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(chunk,descr);
data/anyremote-6.7.3/src/cmds.c:1626:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[EX]: handleCmdByKey() >%s<",k->key);
data/anyremote-6.7.3/src/conf.c:389:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"[EX]: findItemInMode >%s,%s<", mode->name->str, key);
data/anyremote-6.7.3/src/conf.c:472:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"[EX]: Parametrized command parsed as >%s< >%s< >%s< ", tag,index,value);
data/anyremote-6.7.3/src/conf.c:490:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag,index);
data/anyremote-6.7.3/src/conf.c:511:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag,(decodedVal ? decodedVal : ""));
data/anyremote-6.7.3/src/conf.c:534:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyAndBrace,tag);
data/anyremote-6.7.3/src/conf.c:546:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(params->index, index);
data/anyremote-6.7.3/src/conf.c:547:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(params->value, decodedVal);
data/anyremote-6.7.3/src/conf.c:644:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, EMPTY_STR);
data/anyremote-6.7.3/src/conf.c:701:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s=\\\n\t", key);
data/anyremote-6.7.3/src/conf.c:709:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, id2Cmd(item->type));
data/anyremote-6.7.3/src/conf.c:718:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, item->descr);
data/anyremote-6.7.3/src/conf.c:726:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, item->exec);
data/anyremote-6.7.3/src/conf.c:754:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "\t%s = no command", key->key);
data/anyremote-6.7.3/src/dispatcher.c:159:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fBuffer, cmdTag);
data/anyremote-6.7.3/src/executor.c:225:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[EX]: (%d) got key >%s<", peer, (cmd ? cmd : "NULL"));
data/anyremote-6.7.3/src/executor.c:234:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[EX]: got string >%s<", msgIn);
data/anyremote-6.7.3/src/executor.c:269:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[EX]: got alarm >%s<", cmd);
data/anyremote-6.7.3/src/executor.c:504:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(modifierString, key);
data/anyremote-6.7.3/src/executor.c:534:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modifierString, key);
data/anyremote-6.7.3/src/executor.c:836:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(oneCmd,paramValue);
data/anyremote-6.7.3/src/executor.c:966:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdTmp,cmdIn);
data/anyremote-6.7.3/src/executor.c:993:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd,cmdTmp);
data/anyremote-6.7.3/src/executor.c:1003:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd,token); // token is string
data/anyremote-6.7.3/src/executor.c:1009:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd,token); // token is numeric
data/anyremote-6.7.3/src/main.c:139:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dd, t);
data/anyremote-6.7.3/src/mode.c:231:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", MODE_STR, mp->name->str);
data/anyremote-6.7.3/src/mode.c:233:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s : %s", MODE_STR, mp->name->str, mp->parent->str);
data/anyremote-6.7.3/src/mode.c:239:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s\n", MODE_END_STR, mp->name->str);
data/anyremote-6.7.3/src/parse.c:72:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(try2,d);
data/anyremote-6.7.3/src/parse.c:90:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cfgDir,DATADIR);
data/anyremote-6.7.3/src/parse.c:728:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dsc, cmd);
data/anyremote-6.7.3/src/parse.c:733:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ex, comma);
data/anyremote-6.7.3/src/parse.c:742:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ci->exec, cmd);
data/anyremote-6.7.3/src/parse.c:757:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exc, comma + 1);
data/anyremote-6.7.3/src/parse.c:1255:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newDescr, cmd);
data/anyremote-6.7.3/src/parse.c:1472:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(It->key,tag);
data/anyremote-6.7.3/src/parse.c:1786:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cfgfile, t);
data/anyremote-6.7.3/src/parse.c:1790:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cfgfile, CFGFILE);
data/anyremote-6.7.3/src/parse.c:1796:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cfgfile, CFGFILE);
data/anyremote-6.7.3/src/pr_btspp.c:625:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "btsppAccept: remote BT address is %s", (btAddress ? btAddress : "NULL"));
data/anyremote-6.7.3/src/pr_frontend.c:166:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[DS]: Got from frontend (%d) >%s<", n, buf);
data/anyremote-6.7.3/src/pr_frontend.c:180:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "[DS]: Got from frontend (%d) >%s<", n, buf);
data/anyremote-6.7.3/src/pr_l2cap.c:389:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "l2capAccept: accepted from %s", buf);
data/anyremote-6.7.3/src/pr_serial.c:70:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "can not open %s", port);
data/anyremote-6.7.3/src/pr_stdin.c:123:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,stdinbuf);
data/anyremote-6.7.3/src/pr_web.c:197:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s %d %s\r\n", PROTOCOL, status, title);
data/anyremote-6.7.3/src/pr_web.c:200:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "Server: %s\r\n", SERVER);
data/anyremote-6.7.3/src/pr_web.c:207:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "Date: %s\r\n", timebuf);
data/anyremote-6.7.3/src/pr_web.c:211:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s\r\n", extra);
data/anyremote-6.7.3/src/pr_web.c:215:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "Content-Type: %s\r\n", mime);
data/anyremote-6.7.3/src/pr_web.c:232:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "Last-Modified: %s\r\n", timebuf);
data/anyremote-6.7.3/src/pr_web.c:247:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "<HTML><HEAD><TITLE>%d %s</TITLE></HEAD>\r\n", status, title);
data/anyremote-6.7.3/src/pr_web.c:252:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "<BODY><H4>%d %s</H4>\r\n", status, title);
data/anyremote-6.7.3/src/pr_web.c:255:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s\r\n", text);
data/anyremote-6.7.3/src/pr_web.c:266:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "Date: %s\r\n", timebuf);
data/anyremote-6.7.3/src/security.c:81:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resfile, h);
data/anyremote-6.7.3/src/security.c:82:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(resfile, ALLOWED_FILE);
data/anyremote-6.7.3/src/security.c:178:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resfile, h);
data/anyremote-6.7.3/src/sys_util.c:108:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = system(cmd);
data/anyremote-6.7.3/src/sys_util.c:129:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p,cmd);
data/anyremote-6.7.3/src/sys_util.c:342:13: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execl(bin_shell, shell, shflg, cmd, (char *)0);
data/anyremote-6.7.3/src/timer.c:103:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tm->macro,id);
data/anyremote-6.7.3/src/utils.c:77:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(what, prefix);
data/anyremote-6.7.3/src/utils.c:87:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(what, h);
data/anyremote-6.7.3/src/utils.c:94:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(what, name);
data/anyremote-6.7.3/src/utils.c:100:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(what, u);
data/anyremote-6.7.3/src/utils.c:131:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "anyRemote v%s", PACKAGE_VERSION);
data/anyremote-6.7.3/src/utils.h:37:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define CFG2(...) sprintf(tmp,__VA_ARGS__);logger(L_CFG, tmp);
data/anyremote-6.7.3/src/utils.h:38:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define DEBUG2(...) sprintf(tmp,__VA_ARGS__);logger(L_DBG, tmp);
data/anyremote-6.7.3/src/utils.h:39:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define ERROR2(...) sprintf(tmp,__VA_ARGS__);logger(L_ERR, tmp);
data/anyremote-6.7.3/src/utils.h:40:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define INFO2(...) sprintf(tmp,__VA_ARGS__);logger(L_INF, tmp);
data/anyremote-6.7.3/src/utils.h:41:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define WARNING2(...) sprintf(tmp,__VA_ARGS__);logger(L_WARN, tmp);
data/anyremote-6.7.3/src/var.c:285:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "\t%-16s -> ", name);
data/anyremote-6.7.3/src/cmds.c:380:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *t = getenv("HOME");
data/anyremote-6.7.3/src/main.c:137:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *t = getenv("HOME");
data/anyremote-6.7.3/src/parse.c:1784:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *t = getenv("HOME");
data/anyremote-6.7.3/src/pr_web.c:328:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* home = getenv("HOME");
data/anyremote-6.7.3/src/pr_web.c:709:29: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int) time(NULL));
data/anyremote-6.7.3/src/pr_web.c:710:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cc->conn->cookie = random();
data/anyremote-6.7.3/src/pr_web.c:738:21: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int) time(NULL));
data/anyremote-6.7.3/src/pr_web.c:739:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cc->conn->cookie = random();
data/anyremote-6.7.3/src/pr_web.c:1033:13: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int) time(NULL));
data/anyremote-6.7.3/src/pr_web.c:1034:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cc->conn->cookie = random();
data/anyremote-6.7.3/src/pr_web.c:1068:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int) time(NULL));
data/anyremote-6.7.3/src/pr_web.c:1069:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cc->conn->cookie = random();
data/anyremote-6.7.3/src/security.c:73:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *h = getenv("HOME");
data/anyremote-6.7.3/src/security.c:171:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *h = getenv("HOME");
data/anyremote-6.7.3/src/state.c:720:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *h = getenv("HOME");
data/anyremote-6.7.3/src/utils.c:74:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *h = getenv("HOME");
data/anyremote-6.7.3/src/utils.c:97:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *u = getenv("USER");
data/anyremote-6.7.3/src/var.c:217:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *d = getenv("HOME");
data/anyremote-6.7.3/src/alarm.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/alarm.c:198:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tmout && atoi(tmout) > 0) {
data/anyremote-6.7.3/src/alarm.c:200:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_keepaliveTimeout = atoi(tmout);
data/anyremote-6.7.3/src/ar_dbus.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/ar_dbus.c:96:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p.index,"-1");
data/anyremote-6.7.3/src/ar_dbus.c:97:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p.value,"%d",data);
data/anyremote-6.7.3/src/ar_dbus.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p.index,"-1");
data/anyremote-6.7.3/src/ar_dbus.c:109:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p.value,"%u",data);
data/anyremote-6.7.3/src/ar_dbus.c:120:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p.index,"-1");
data/anyremote-6.7.3/src/ar_dbus.c:121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p.value,"%f",data);
data/anyremote-6.7.3/src/ar_dbus.c:132:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p.index,"-1");
data/anyremote-6.7.3/src/ar_dbus.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p.index,"-1");
data/anyremote-6.7.3/src/ar_dbus.c:393:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
G_TYPE_INT, atoi(value),
data/anyremote-6.7.3/src/ar_dbus.c:399:67: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
G_TYPE_UINT, atoi(value),
data/anyremote-6.7.3/src/ar_dbus.c:445:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char retVals[512];
data/anyremote-6.7.3/src/ar_dbus.c:474:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retVals,"%d",ri);
data/anyremote-6.7.3/src/ar_dbus.c:488:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retVals,"%u",ri);
data/anyremote-6.7.3/src/ar_dbus.c:501:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retVals,"%f",rd);
data/anyremote-6.7.3/src/atsend.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/atsend.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callerId[MAXLEN];
data/anyremote-6.7.3/src/atsend.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[100];
data/anyremote-6.7.3/src/atsend.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[100];
data/anyremote-6.7.3/src/atsend.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[64];
data/anyremote-6.7.3/src/atsend.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[1024];
data/anyremote-6.7.3/src/atsend.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ckpd[MAXCKPDLEN];
data/anyremote-6.7.3/src/atsend.c:210:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[16];
data/anyremote-6.7.3/src/atsend.c:220:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(expect, ",0"); // Wait button up event
data/anyremote-6.7.3/src/atsend.c:249:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(expect, ",1");
data/anyremote-6.7.3/src/atsend.c:319:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "FINISHED");
data/anyremote-6.7.3/src/atsend.c:337:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "NO CALLER ID");
data/anyremote-6.7.3/src/atsend.c:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clcc[MTEXTLEN];
data/anyremote-6.7.3/src/atsend.c:348:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[1024];
data/anyremote-6.7.3/src/atsend.c:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[1024];
data/anyremote-6.7.3/src/atsend.c:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[32];
data/anyremote-6.7.3/src/atsend.c:550:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callerId[MAXLEN];
data/anyremote-6.7.3/src/atsend.c:554:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "Msg:InCall(,");
data/anyremote-6.7.3/src/atsend.c:556:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, ")\r");
data/anyremote-6.7.3/src/atsend.c:560:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "Msg:InCall(,)\r");
data/anyremote-6.7.3/src/avahi.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/avahi.c:92:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tcpPort = atoi(strPort);
data/anyremote-6.7.3/src/avahi.c:113:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webPort = atoi(strPort);
data/anyremote-6.7.3/src/btio.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/btio.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/anyremote-6.7.3/src/btio.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[100];
data/anyremote-6.7.3/src/cmds.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char callerId[MAXLEN];
data/anyremote-6.7.3/src/cmds.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/cmds.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmptext[MAXCMDLEN];
data/anyremote-6.7.3/src/cmds.c:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char all[MAXMAXLEN];
data/anyremote-6.7.3/src/cmds.c:336:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp=fopen(file,"r");
data/anyremote-6.7.3/src/cmds.c:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hookFile[MAXLEN];
data/anyremote-6.7.3/src/cmds.c:387:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(hookFile, "/.anyRemote/");
data/anyremote-6.7.3/src/cmds.c:530:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fBuffer, "Set(");
data/anyremote-6.7.3/src/cmds.c:574:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fBuffer, "Set(");
data/anyremote-6.7.3/src/cmds.c:585:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/cmds.c:586:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",peer->coverSz);
data/anyremote-6.7.3/src/cmds.c:696:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fBuffer, "Set(");
data/anyremote-6.7.3/src/cmds.c:704:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufx[16];
data/anyremote-6.7.3/src/cmds.c:705:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufy[16];
data/anyremote-6.7.3/src/cmds.c:706:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%d",peer->xSz);
data/anyremote-6.7.3/src/cmds.c:707:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufy,"%d",peer->ySz);
data/anyremote-6.7.3/src/cmds.c:841:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmptext, ");");
data/anyremote-6.7.3/src/cmds.c:897:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk + dlen + 1, res, resLen);
data/anyremote-6.7.3/src/cmds.c:976:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk+5+dlen,decodedVal,sz); // could be binary data here ????
data/anyremote-6.7.3/src/cmds.c:977:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chunk+5+dlen+sz,");");
data/anyremote-6.7.3/src/cmds.c:985:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk+5+dlen,res,resLen); // could be binary data here
data/anyremote-6.7.3/src/cmds.c:986:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chunk+5+dlen+resLen,");");
data/anyremote-6.7.3/src/conf.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/conf.c:108:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rate = atoi(value);
data/anyremote-6.7.3/src/conf.c:148:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int v = atoi(value);
data/anyremote-6.7.3/src/conf.c:165:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
waitTimeout = atoi(value);
data/anyremote-6.7.3/src/conf.c:441:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag [MAXARGLEN];
data/anyremote-6.7.3/src/conf.c:443:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[6];
data/anyremote-6.7.3/src/conf.c:445:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAXARGLEN];
data/anyremote-6.7.3/src/conf.c:535:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(keyAndBrace,"($");
data/anyremote-6.7.3/src/conf.c:639:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAXARGLEN];
data/anyremote-6.7.3/src/conf.c:721:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "<|>");
data/anyremote-6.7.3/src/dispatcher.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/dispatcher.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char callerId[MAXLEN];
data/anyremote-6.7.3/src/dispatcher.c:105:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(callerId, "NO CALLER ID");
data/anyremote-6.7.3/src/dispatcher.c:139:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(file,"r");
data/anyremote-6.7.3/src/dispatcher.c:160:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)fBuffer+prefixSz, (const void *) &szi32, 4); // length on binary data
data/anyremote-6.7.3/src/dispatcher.c:167:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fBuffer+prefixSz+fLen+4,");");
data/anyremote-6.7.3/src/dispatcher.c:179:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fBuffer, "Set(cover);");
data/anyremote-6.7.3/src/dispatcher.c:370:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[1024];
data/anyremote-6.7.3/src/dispatcher.c:377:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, prev, len);
data/anyremote-6.7.3/src/dispatcher.c:602:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(callerId, "NO CALLER ID");
data/anyremote-6.7.3/src/executor.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/executor.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modifierString [MAXARGLEN];
data/anyremote-6.7.3/src/executor.c:732:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oneCmd[16];
data/anyremote-6.7.3/src/executor.c:735:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paramValue[8];
data/anyremote-6.7.3/src/executor.c:783:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(paramValue, "%d", ((int)bc * 100)/255);
data/anyremote-6.7.3/src/executor.c:787:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(paramValue, "%d", ((int)bc == 0 ? 0 : 1));
data/anyremote-6.7.3/src/executor.c:800:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(paramValue, "%d",ix);
data/anyremote-6.7.3/src/executor.c:809:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(paramValue, "%d",
data/anyremote-6.7.3/src/executor.c:825:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(paramValue, "%d",bc);
data/anyremote-6.7.3/src/executor.c:835:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(oneCmd,"(-1,");
data/anyremote-6.7.3/src/executor.c:1001:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd,"-1,");
data/anyremote-6.7.3/src/executor.c:1011:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd,",)");
data/anyremote-6.7.3/src/gen_ar.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/gen_ar.c:117:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maze[9];
data/anyremote-6.7.3/src/gen_ar.c:125:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(maze,"%d,",i+1);
data/anyremote-6.7.3/src/gen_html.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/gen_html.c:112:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_screenSize = atoi(v1);
data/anyremote-6.7.3/src/gen_html.c:151:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[8];
data/anyremote-6.7.3/src/gen_html.c:165:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(abuf,"%d",index);
data/anyremote-6.7.3/src/gen_html.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/gen_html.c:294:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",_screenSize);
data/anyremote-6.7.3/src/gen_html.c:341:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w2[16];
data/anyremote-6.7.3/src/gen_html.c:342:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w2,"%d",_screenSize/2);
data/anyremote-6.7.3/src/gen_html.c:344:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w2_11[16];
data/anyremote-6.7.3/src/gen_html.c:345:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w2_11,"%d",_screenSize/2-11);
data/anyremote-6.7.3/src/gen_html.c:347:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w2_10[16];
data/anyremote-6.7.3/src/gen_html.c:348:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w2_10,"%d",_screenSize/2+10);
data/anyremote-6.7.3/src/gen_html.c:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/anyremote-6.7.3/src/gen_html.c:413:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",iconPadding());
data/anyremote-6.7.3/src/gen_html.c:457:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maze[8];
data/anyremote-6.7.3/src/gen_html.c:458:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(maze,"%d",i+1);
data/anyremote-6.7.3/src/gen_html.c:572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/gen_html.c:576:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", idx);
data/anyremote-6.7.3/src/gen_xml.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/gen_xml.c:132:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sW = atoi(w);
data/anyremote-6.7.3/src/gen_xml.c:133:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sH = atoi(h);
data/anyremote-6.7.3/src/gen_xml.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/gen_xml.c:183:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d",xmlScreenWidth() - 4);
data/anyremote-6.7.3/src/gen_xml.c:188:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d",xmlScreenHeight() - 4);
data/anyremote-6.7.3/src/gen_xml.c:226:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/gen_xml.c:227:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", formId);
data/anyremote-6.7.3/src/gen_xml.c:230:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", position);
data/anyremote-6.7.3/src/gen_xml.c:248:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/gen_xml.c:249:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", position);
data/anyremote-6.7.3/src/gen_xml.c:389:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[16];
data/anyremote-6.7.3/src/gen_xml.c:390:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%d",position);
data/anyremote-6.7.3/src/gen_xml.c:394:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/gen_xml.c:395:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,",idx);
data/anyremote-6.7.3/src/gen_xml.c:453:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[32];
data/anyremote-6.7.3/src/gen_xml.c:454:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%dx1 -geometry 32x32 ", iNum);
data/anyremote-6.7.3/src/gen_xml.c:532:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_xmlLayoutW = atoi(w);
data/anyremote-6.7.3/src/gen_xml.c:533:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_xmlLayoutH = atoi(h);
data/anyremote-6.7.3/src/gen_xml.c:589:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/gen_xml.c:590:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", (_xmlScreenW - _xmlLayoutW)/2);
data/anyremote-6.7.3/src/gen_xml.c:600:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", (bottomlineSkin() ? _xmlScreenH - _xmlLayoutH : (_xmlScreenH - _xmlLayoutH)/2));
data/anyremote-6.7.3/src/gen_xml.c:637:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", i+1);
data/anyremote-6.7.3/src/gen_xml.c:683:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/gen_xml.c:708:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", idx);
data/anyremote-6.7.3/src/gen_xml.c:756:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/gen_xml.c:757:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", position);
data/anyremote-6.7.3/src/main.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp [MAXMAXLEN];
data/anyremote-6.7.3/src/main.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dd[542];
data/anyremote-6.7.3/src/main.c:143:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dd, "/.anyRemote");
data/anyremote-6.7.3/src/mode.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/parse.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/parse.c:73:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(try2,"/../Utils");
data/anyremote-6.7.3/src/parse.c:91:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cfgDir,"/anyremote/cfg-data");
data/anyremote-6.7.3/src/parse.c:118:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conf.frontEnd=atoi(argv[++i]);
data/anyremote-6.7.3/src/parse.c:1486:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aLine[MAXCMDLEN];
data/anyremote-6.7.3/src/parse.c:1660:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(mfile,"r");
data/anyremote-6.7.3/src/parse.c:1783:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfgfile[MAXLEN];
data/anyremote-6.7.3/src/parse.h:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[6];
data/anyremote-6.7.3/src/parse.h:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAXARGLEN+1];
data/anyremote-6.7.3/src/peer.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/peer.c:245:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(strPort);
data/anyremote-6.7.3/src/peer.c:341:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(strPort);
data/anyremote-6.7.3/src/peer.c:354:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(strPort);
data/anyremote-6.7.3/src/peer.c:385:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBtAddr[18];
data/anyremote-6.7.3/src/peer.c:390:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(portIn + strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 2);
data/anyremote-6.7.3/src/peer.c:414:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(strPort);
data/anyremote-6.7.3/src/peer.c:449:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer->port = atoi(strPort);
data/anyremote-6.7.3/src/peer.c:818:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache->lastValues[subtype], data, size);
data/anyremote-6.7.3/src/peer.c:1080:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[DS]: readBmPeer: Bemused hack: read >%c<", c);
data/anyremote-6.7.3/src/peer.c:1096:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXCMDLEN];
data/anyremote-6.7.3/src/peer.c:1158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXCMDLEN];
data/anyremote-6.7.3/src/peer.c:1393:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte2write[2];
data/anyremote-6.7.3/src/peer.c:1415:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char byteStr[MAXCKPDLEN];
data/anyremote-6.7.3/src/peer.c:1427:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bStripped[4];
data/anyremote-6.7.3/src/peer.c:1442:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (writeByteInternal(fd, atoi(bStripped)) != EXIT_OK) {
data/anyremote-6.7.3/src/peer.c:1617:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte2write[2];
data/anyremote-6.7.3/src/peer.c:1885:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXCMDLEN];
data/anyremote-6.7.3/src/peer.c:1909:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sz = atoi(pos);
data/anyremote-6.7.3/src/peer.c:1941:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int xsz = atoi(pos);
data/anyremote-6.7.3/src/peer.c:1969:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ysz = atoi(pos);
data/anyremote-6.7.3/src/pr_btspp.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_btspp.c:345:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[DS]: registered SP for channel %i", connInfo->port);
data/anyremote-6.7.3/src/pr_btspp.c:405:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "registered SP for channel %i", connInfo->port);
data/anyremote-6.7.3/src/pr_btspp.c:661:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "btsppWrite ");
data/anyremote-6.7.3/src/pr_btspp.c:666:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, command, logSz); // Do not dump long commands
data/anyremote-6.7.3/src/pr_btspp.c:670:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "btsppWrite %d bytes", count);
data/anyremote-6.7.3/src/pr_frontend.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_frontend.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char frontEndBuf[MAXLEN];
data/anyremote-6.7.3/src/pr_frontend.c:60:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[DS]: connect to frontend >%d<",portno );
data/anyremote-6.7.3/src/pr_frontend.c:84:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
data/anyremote-6.7.3/src/pr_frontend.c:89:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[DS]: connect socket for frontend (%d) errno = %d", ret, errno);
data/anyremote-6.7.3/src/pr_l2cap.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_l2cap.c:217:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "registered L2CAP on port %i", connInfo->port);
data/anyremote-6.7.3/src/pr_l2cap.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/anyremote-6.7.3/src/pr_l2cap.c:424:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "l2capWrite ");
data/anyremote-6.7.3/src/pr_l2cap.c:429:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, command, logSz); // Do not dump long commands
data/anyremote-6.7.3/src/pr_l2cap.c:433:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "l2capWrite %d bytes", count);
data/anyremote-6.7.3/src/pr_rfcomm.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_rfcomm.c:175:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "rfcommWrite ");
data/anyremote-6.7.3/src/pr_rfcomm.c:180:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, command, logSz); // Do not dump long commands
data/anyremote-6.7.3/src/pr_rfcomm.c:184:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "rfcommWrite %d bytes", count);
data/anyremote-6.7.3/src/pr_rfcomm.c:210:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callerId[MAXLEN];
data/anyremote-6.7.3/src/pr_serial.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_serial.c:69:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cn->fileDescriptor = open(port, O_RDWR|O_NOCTTY|O_NDELAY/*|O_CLOEXEC fails to compile ? */)) < 0) {
data/anyremote-6.7.3/src/pr_serial.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callerId[MAXLEN];
data/anyremote-6.7.3/src/pr_socket.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_socket.c:311:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/anyremote-6.7.3/src/pr_socket.c:407:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "[DS]: socketWrite ");
data/anyremote-6.7.3/src/pr_socket.c:412:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, command, logSz); // Do not dump long commands
data/anyremote-6.7.3/src/pr_socket.c:416:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[DS]: socketWrite %d bytes", count);
data/anyremote-6.7.3/src/pr_stdin.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_stdin.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stdinbuf[1024];
data/anyremote-6.7.3/src/pr_web.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/pr_web.c:99:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",data);
data/anyremote-6.7.3/src/pr_web.c:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:183:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b,"%ld",cc->conn->cookie);
data/anyremote-6.7.3/src/pr_web.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[4096];
data/anyremote-6.7.3/src/pr_web.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[128];
data/anyremote-6.7.3/src/pr_web.c:221:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "Cache-Control: no-cache, must-revalidate\r\n");
data/anyremote-6.7.3/src/pr_web.c:225:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "Content-Length: %d\r\n", length);
data/anyremote-6.7.3/src/pr_web.c:236:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "Connection: close\r\n\r\n");
data/anyremote-6.7.3/src/pr_web.c:242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[4096];
data/anyremote-6.7.3/src/pr_web.c:258:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "</BODY></HTML>");
data/anyremote-6.7.3/src/pr_web.c:263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[128];
data/anyremote-6.7.3/src/pr_web.c:271:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "\r\n");
data/anyremote-6.7.3/src/pr_web.c:288:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdout = open(path, O_RDONLY);
data/anyremote-6.7.3/src/pr_web.c:362:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/pr_web.c:440:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", tcpPort);
data/anyremote-6.7.3/src/pr_web.c:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/pr_web.c:468:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", port);
data/anyremote-6.7.3/src/pr_web.c:539:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16];
data/anyremote-6.7.3/src/pr_web.c:540:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%d", cc->conn->refreshPage);
data/anyremote-6.7.3/src/pr_web.c:598:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atol(start);
data/anyremote-6.7.3/src/pr_web.c:623:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:789:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int button = ((*(++p) == '\0') ? -1 : atoi(p)+1);
data/anyremote-6.7.3/src/pr_web.c:802:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int button = atoi(p);
data/anyremote-6.7.3/src/pr_web.c:849:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(p) - 1;
data/anyremote-6.7.3/src/pr_web.c:887:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int menu_idx = atoi(p) - 1;
data/anyremote-6.7.3/src/pr_web.c:888:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int list_idx = atoi(q);
data/anyremote-6.7.3/src/pr_web.c:909:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lidx = atoi(p);
data/anyremote-6.7.3/src/pr_web.c:910:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int midx = atoi(item) - 1;
data/anyremote-6.7.3/src/pr_web.c:925:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
string_t* content = sendXMLMenu(atoi(p), cc->conn->serverIP, cc->serverPort, -1);
data/anyremote-6.7.3/src/pr_web.c:939:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int listItem = atoi(p);
data/anyremote-6.7.3/src/pr_web.c:971:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(index);
data/anyremote-6.7.3/src/pr_web.c:983:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:1122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/anyremote-6.7.3/src/pr_web.c:1312:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
button = atoi(p);
data/anyremote-6.7.3/src/pr_web.c:1570:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cn->refreshPage = atoi(v2);
data/anyremote-6.7.3/src/pr_web.c:1677:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/anyremote-6.7.3/src/pr_web.c:1728:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbuf[16];
data/anyremote-6.7.3/src/pr_web.c:1730:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbuf,"Msg:%c",'*');
data/anyremote-6.7.3/src/pr_web.c:1732:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbuf,"Msg:%c",'0');
data/anyremote-6.7.3/src/pr_web.c:1734:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbuf,"Msg:%c",'#');
data/anyremote-6.7.3/src/pr_web.c:1736:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbuf,"Msg:%d",wm->button);
data/anyremote-6.7.3/src/pr_web.c:1857:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:1880:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/pr_web.c:1943:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[32];
data/anyremote-6.7.3/src/security.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/security.c:93:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(resfile,"r");
data/anyremote-6.7.3/src/security.c:179:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(resfile, "/.anyRemote/password");
data/anyremote-6.7.3/src/security.c:189:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(resfile,"r");
data/anyremote-6.7.3/src/security.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXCMDLEN];
data/anyremote-6.7.3/src/state.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/state.c:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/anyremote-6.7.3/src/state.c:179:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int r = atoi(token);
data/anyremote-6.7.3/src/state.c:185:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int g = atoi(token);
data/anyremote-6.7.3/src/state.c:191:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(token);
data/anyremote-6.7.3/src/state.c:193:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%0*x%0*x%0*x",2,r,2,g,2,b);
data/anyremote-6.7.3/src/state.c:475:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ic = atoi(token)-1;
data/anyremote-6.7.3/src/state.c:525:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ic = atoi(token)-1;
data/anyremote-6.7.3/src/state.c:856:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_state.lf.selIdx = (s ? atoi(s) : 1);
data/anyremote-6.7.3/src/state.c:1352:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_iconPadding = atoi(token2);
data/anyremote-6.7.3/src/state.c:1370:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iconSizeScale = atoi(token2);
data/anyremote-6.7.3/src/sys_util.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/sys_util.c:420:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+haveRead, temp, num);
data/anyremote-6.7.3/src/thread.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/thread.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/anyremote-6.7.3/src/thread.c:52:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id);
data/anyremote-6.7.3/src/timer.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/timer.c:91:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmo = atoi(dup);
data/anyremote-6.7.3/src/timer.c:92:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tms = atoi(comma+1);
data/anyremote-6.7.3/src/utils.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/utils.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile [MAXLEN];
data/anyremote-6.7.3/src/utils.c:88:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(what, "/.anyRemote");
data/anyremote-6.7.3/src/utils.c:90:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(what, "/tmp");
data/anyremote-6.7.3/src/utils.c:117:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fplog = fopen(logfile, "w");
data/anyremote-6.7.3/src/utils.c:158:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fplog = fopen(logfile, "a");
data/anyremote-6.7.3/src/utils.c:167:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stime[32];
data/anyremote-6.7.3/src/utils.c:170:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stime, "%2d:%2d:%2d", timeinfo->tm_hour, timeinfo->tm_min, timeinfo->tm_sec);
data/anyremote-6.7.3/src/utils.c:522:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf, size);
data/anyremote-6.7.3/src/var.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/var.c:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)v->value, (const void *) val, sz); // can not use strdup() since val can contains binary data
data/anyremote-6.7.3/src/var.c:292:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[Variables]");
data/anyremote-6.7.3/src/var.c:297:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "[End]");
data/anyremote-6.7.3/src/xemulate.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tmp[MAXMAXLEN];
data/anyremote-6.7.3/src/xemulate.c:390:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeMotionEvent(disp, -1, atoi(x), atoi(y), CurrentTime );
data/anyremote-6.7.3/src/xemulate.c:390:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeMotionEvent(disp, -1, atoi(x), atoi(y), CurrentTime );
data/anyremote-6.7.3/src/xemulate.c:399:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeRelativeMotionEvent(disp,atoi(x), atoi(y), CurrentTime );
data/anyremote-6.7.3/src/xemulate.c:399:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeRelativeMotionEvent(disp,atoi(x), atoi(y), CurrentTime );
data/anyremote-6.7.3/src/xemulate.c:411:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeButtonEvent(disp, atoi(x), False, CurrentTime);
data/anyremote-6.7.3/src/xemulate.c:419:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XTestFakeButtonEvent(disp, atoi(x), True, CurrentTime);
data/anyremote-6.7.3/src/xemulate.c:427:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mouseClick(atoi(x));
data/anyremote-6.7.3/src/xemulate.c:436:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usleep(atoi(x));
data/anyremote-6.7.3/src/alarm.c:177:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(dm->value);
data/anyremote-6.7.3/src/ar_dbus.c:145:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p.value,message,MAXARGLEN);
data/anyremote-6.7.3/src/ar_dbus.c:477:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setVar(var,retVals,strlen(retVals));
data/anyremote-6.7.3/src/ar_dbus.c:491:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setVar(var,retVals,strlen(retVals));
data/anyremote-6.7.3/src/ar_dbus.c:504:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setVar(var,retVals,strlen(retVals));
data/anyremote-6.7.3/src/ar_dbus.c:516:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setVar(var,retVals,strlen(retVals));
data/anyremote-6.7.3/src/ar_dbus.c:529:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(retVals,rc,511);
data/anyremote-6.7.3/src/ar_dbus.c:531:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setVar(var,retVals,strlen(retVals));
data/anyremote-6.7.3/src/atsend.c:77:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd,command,strlen(command));
data/anyremote-6.7.3/src/atsend.c:88:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/anyremote-6.7.3/src/atsend.c:94:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readcount=read(fd,tmp2,sizeof(tmp2)-1);
data/anyremote-6.7.3/src/atsend.c:176:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd,"\r");
data/anyremote-6.7.3/src/atsend.c:212:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, " ");
data/anyremote-6.7.3/src/atsend.c:214:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, "\"");
data/anyremote-6.7.3/src/atsend.c:218:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, "\"");
data/anyremote-6.7.3/src/atsend.c:232:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(expect);
data/anyremote-6.7.3/src/atsend.c:241:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, " ");
data/anyremote-6.7.3/src/atsend.c:243:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, "\"");
data/anyremote-6.7.3/src/atsend.c:247:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expect, "\"");
data/anyremote-6.7.3/src/atsend.c:255:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(expect);
data/anyremote-6.7.3/src/atsend.c:362:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(clcc,"\r");
data/anyremote-6.7.3/src/atsend.c:386:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(clcc,"?");
data/anyremote-6.7.3/src/atsend.c:387:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(clcc,"\r");
data/anyremote-6.7.3/src/atsend.c:529:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(fd, buffer, max);
data/anyremote-6.7.3/src/atsend.c:557:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = strlen(buffer);
data/anyremote-6.7.3/src/atsend.c:561:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = strlen(buffer);
data/anyremote-6.7.3/src/avahi.c:76:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(PEER_TCP);
data/anyremote-6.7.3/src/avahi.c:97:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(WEB_SOCKET);
data/anyremote-6.7.3/src/btio.c:81:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ok = read(fd, buf, len);
data/anyremote-6.7.3/src/btio.c:163:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd,command,strlen(command));
data/anyremote-6.7.3/src/btio.c:175:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/anyremote-6.7.3/src/btio.c:180:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readcount=read(fd,tmp2,sizeof(tmp2)-1);
data/anyremote-6.7.3/src/btio.c:250:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(serveraddr.sun_path, port, sizeof serveraddr.sun_path - 1);
data/anyremote-6.7.3/src/cmds.c:70:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pc = strlen(PARAM_CALLID);
data/anyremote-6.7.3/src/cmds.c:71:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pm = strlen(PARAM_MODE);
data/anyremote-6.7.3/src/cmds.c:72:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pp = strlen(PARAM_PARAM);
data/anyremote-6.7.3/src/cmds.c:73:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pi = strlen(PARAM_INDEX);
data/anyremote-6.7.3/src/cmds.c:74:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pb = strlen(PARAM_BTADDR);
data/anyremote-6.7.3/src/cmds.c:179:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(varName, papameterized + 2, pLen);
data/anyremote-6.7.3/src/cmds.c:222:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exec == NULL || strlen(exec) == 0) {
data/anyremote-6.7.3/src/cmds.c:247:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(all, sDescr, MAXMAXLEN-1);
data/anyremote-6.7.3/src/cmds.c:254:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sDescr) <= strlen(tag) + 1) { // Set(tag,) or Set(tag) without any value
data/anyremote-6.7.3/src/cmds.c:254:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sDescr) <= strlen(tag) + 1) { // Set(tag,) or Set(tag) without any value
data/anyremote-6.7.3/src/cmds.c:258:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ptr = tag + strlen(tag) - 1;
data/anyremote-6.7.3/src/cmds.c:264:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = tag + strlen(tag) + 1;
data/anyremote-6.7.3/src/cmds.c:279:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(ptr);
data/anyremote-6.7.3/src/cmds.c:355:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUG2("[EX]: Retrieved line %s of length %d ", command, (int) strlen(command));
data/anyremote-6.7.3/src/cmds.c:384:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hookFile, ".");
data/anyremote-6.7.3/src/cmds.c:502:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixSz = strlen(UPLOAD_PIX) + 1;
data/anyremote-6.7.3/src/cmds.c:504:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixSz = strlen(UPLOAD_COVER_DATA) + 1;
data/anyremote-6.7.3/src/cmds.c:506:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nCh = strlen(UPLOAD_COVER) + 1;
data/anyremote-6.7.3/src/cmds.c:509:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nCh = strlen(UPLOAD_ICON) + 1;
data/anyremote-6.7.3/src/cmds.c:531:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fBuffer, cmdLine, prefixSz);
data/anyremote-6.7.3/src/cmds.c:533:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * fName = (char*) calloc(strlen(fname)+1,1);
data/anyremote-6.7.3/src/cmds.c:559:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(file);
data/anyremote-6.7.3/src/cmds.c:568:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * fBuffer = (char*) calloc(strlen(command)+5,1); // 4 = "Set(" + "\0"
data/anyremote-6.7.3/src/cmds.c:577:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fBuffer, ",");
data/anyremote-6.7.3/src/cmds.c:589:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ssz = strlen(dup);
data/anyremote-6.7.3/src/cmds.c:681:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(file);
data/anyremote-6.7.3/src/cmds.c:690:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * fBuffer = (char*) calloc(strlen(command)+5,1); // 4 = "Set(" + "\0"
data/anyremote-6.7.3/src/cmds.c:710:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ssz = strlen(dup);
data/anyremote-6.7.3/src/cmds.c:839:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmptext, "(");
data/anyremote-6.7.3/src/cmds.c:844:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(tmptext);
data/anyremote-6.7.3/src/cmds.c:856:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (subtype == ID_GET_PING && strlen(descr) > 5) { // Get(ping,_timeout_);
data/anyremote-6.7.3/src/cmds.c:887:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dlen = strlen(descr);
data/anyremote-6.7.3/src/cmds.c:896:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(chunk,",");
data/anyremote-6.7.3/src/cmds.c:956:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = (decodedVal ? strlen(decodedVal) : 0);
data/anyremote-6.7.3/src/cmds.c:969:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(chunk,"("); // For example, Set(title
data/anyremote-6.7.3/src/cmds.c:972:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(chunk,",");
data/anyremote-6.7.3/src/cmds.c:995:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(chunk);
data/anyremote-6.7.3/src/cmds.c:1246:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resLen = strlen(eValue);
data/anyremote-6.7.3/src/cmds.c:1401:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(descr);
data/anyremote-6.7.3/src/cmds.c:1448:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resLen = strlen(eValue);
data/anyremote-6.7.3/src/conf.c:356:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lk = strlen(key);
data/anyremote-6.7.3/src/conf.c:357:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l2 = strlen(It->key);
data/anyremote-6.7.3/src/conf.c:448:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag, key, start-key);
data/anyremote-6.7.3/src/conf.c:465:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(index,start+1,comma-start-1);
data/anyremote-6.7.3/src/conf.c:468:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value,comma+1,finish-comma-1);
data/anyremote-6.7.3/src/conf.c:489:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag,"(");
data/anyremote-6.7.3/src/conf.c:491:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag,")");
data/anyremote-6.7.3/src/conf.c:512:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag,")");
data/anyremote-6.7.3/src/conf.c:533:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* keyAndBrace = (char*) calloc(1,strlen(tag)+3);
data/anyremote-6.7.3/src/conf.c:599:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p2 = pmode + strlen(pmode) - 1;
data/anyremote-6.7.3/src/conf.c:646:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(key, keyIn, MAXARGLEN - 1);
data/anyremote-6.7.3/src/conf.c:712:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "(");
data/anyremote-6.7.3/src/conf.c:724:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, ",");
data/anyremote-6.7.3/src/conf.c:730:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, ")");
data/anyremote-6.7.3/src/conf.c:732:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, ";");
data/anyremote-6.7.3/src/conf.c:737:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "\\");
data/anyremote-6.7.3/src/conf.c:740:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(tmp, "\t");
data/anyremote-6.7.3/src/dispatcher.c:144:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int prefixSz = strlen(cmdTag);
data/anyremote-6.7.3/src/dispatcher.c:546:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/anyremote-6.7.3/src/dispatcher.c:596:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/anyremote-6.7.3/src/executor.c:283:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(cmd);
data/anyremote-6.7.3/src/executor.c:340:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000); // loop timer (1/50 of second)
data/anyremote-6.7.3/src/executor.c:503:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(modifierString," "); // Add one space first
data/anyremote-6.7.3/src/executor.c:621:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen(key);
data/anyremote-6.7.3/src/executor.c:708:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dm->size = strlen((char*) dm->value);
data/anyremote-6.7.3/src/executor.c:726:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *last = cmdIn + strlen(cmdIn);
data/anyremote-6.7.3/src/executor.c:769:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) == 4) {
data/anyremote-6.7.3/src/executor.c:770:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cmd, "VOLM", 4) == 0 && strlen(cmd) == 4) { // read only VOLM without value to set
data/anyremote-6.7.3/src/executor.c:832:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(oneCmd,cmd,4);
data/anyremote-6.7.3/src/executor.c:837:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(oneCmd,")");
data/anyremote-6.7.3/src/executor.c:965:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cmdTmp = (char*) calloc(strlen(cmdIn) + 1, sizeof(char));
data/anyremote-6.7.3/src/executor.c:990:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUG2("[EX]: isIViewerCommand: OK >%d<", (int) strlen(cmdIn) + 6);
data/anyremote-6.7.3/src/executor.c:992:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cmd = (char*) calloc(strlen(cmdIn) + 6, sizeof(char));
data/anyremote-6.7.3/src/executor.c:995:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd,"(");
data/anyremote-6.7.3/src/executor.c:1006:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd,")");
data/anyremote-6.7.3/src/gen_ar.c:172:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (useVolume() && v && strlen(v) > 0) {
data/anyremote-6.7.3/src/gen_html.c:442:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hint && strlen(hint) > 0) {
data/anyremote-6.7.3/src/gen_html.c:464:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hint && strlen(hint) > 0) {
data/anyremote-6.7.3/src/gen_html.c:493:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (useVolume() && v && strlen(v) > 0) {
data/anyremote-6.7.3/src/gen_xml.c:118:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int gap = strlen("x-CiscoIPPhoneDisplay: ");
data/anyremote-6.7.3/src/gen_xml.c:119:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!buffer || strlen(buffer) < gap) {
data/anyremote-6.7.3/src/gen_xml.c:159:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int gap = strlen("x-CiscoIPPhoneModelName: ");
data/anyremote-6.7.3/src/gen_xml.c:160:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!buffer || strlen(buffer) < gap) {
data/anyremote-6.7.3/src/gen_xml.c:342:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = (title ? strlen(title) : -1);
data/anyremote-6.7.3/src/gen_xml.c:351:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(caption) > CMXML_MAX_STRING_SIZE) {
data/anyremote-6.7.3/src/loop.c:139:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/anyremote-6.7.3/src/main.c:141:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dd, ".");
data/anyremote-6.7.3/src/parse.c:71:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* try2 = (char*) malloc(strlen(d) + 10); // + "/../Utils"
data/anyremote-6.7.3/src/parse.c:78:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
try2[strlen(try2)-6] = '\0';
data/anyremote-6.7.3/src/parse.c:89:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cfgDir = (char*) malloc(strlen(DATADIR)+20); // + "/anyremote/cfg-data"
data/anyremote-6.7.3/src/parse.c:94:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cfgDir,".");
data/anyremote-6.7.3/src/parse.c:241:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(in) > 0 && in[strlen(in) - 1] == '\n') {
data/anyremote-6.7.3/src/parse.c:241:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(in) > 0 && in[strlen(in) - 1] == '\n') {
data/anyremote-6.7.3/src/parse.c:242:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in[strlen(in) - 1] = '\0';
data/anyremote-6.7.3/src/parse.c:337:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == strlen(ids[idx].name) &&
data/anyremote-6.7.3/src/parse.c:337:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == strlen(ids[idx].name) &&
data/anyremote-6.7.3/src/parse.c:387:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, sids[idx].name, strlen(sids[idx].name)) == 0) {
data/anyremote-6.7.3/src/parse.c:422:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, gids[idx].name, strlen(gids[idx].name)) == 0) {
data/anyremote-6.7.3/src/parse.c:452:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, tids[idx].name, strlen(tids[idx].name)) == 0) {
data/anyremote-6.7.3/src/parse.c:487:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mids[idx].name) == sz &&
data/anyremote-6.7.3/src/parse.c:518:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[1].rm_so,l);
data/anyremote-6.7.3/src/parse.c:525:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr, cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:534:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[2].rm_so,l2);
data/anyremote-6.7.3/src/parse.c:541:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[2].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:542:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:543:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd + result[3].rm_so, l3);
data/anyremote-6.7.3/src/parse.c:545:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:546:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd + result[4].rm_so, l4);
data/anyremote-6.7.3/src/parse.c:554:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[5].rm_so,l2);
data/anyremote-6.7.3/src/parse.c:561:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[5].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:562:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:563:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd + result[6].rm_so, l3);
data/anyremote-6.7.3/src/parse.c:627:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:629:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:631:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[1].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:634:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:654:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, result[1].rm_eo - result[1].rm_so);
data/anyremote-6.7.3/src/parse.c:655:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec, cmd + result[2].rm_so, result[2].rm_eo - result[2].rm_so);
data/anyremote-6.7.3/src/parse.c:666:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, result[1].rm_eo - result[1].rm_so);
data/anyremote-6.7.3/src/parse.c:667:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec, cmd + result[2].rm_so, result[2].rm_eo - result[2].rm_so);
data/anyremote-6.7.3/src/parse.c:687:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[3].rm_so, l);
data/anyremote-6.7.3/src/parse.c:727:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dsc = (char*) calloc(1, strlen(cmd) + 1);
data/anyremote-6.7.3/src/parse.c:732:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ex = (char*) calloc(1, strlen(comma) + 1);
data/anyremote-6.7.3/src/parse.c:741:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ci->exec = (char*) calloc(1, strlen(cmd) + 1);
data/anyremote-6.7.3/src/parse.c:755:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *exc = (char*) calloc(1, strlen(comma));
data/anyremote-6.7.3/src/parse.c:756:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dsc, cmd, comma - cmd);
data/anyremote-6.7.3/src/parse.c:789:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[1].rm_so,l);
data/anyremote-6.7.3/src/parse.c:822:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:826:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,cmd + result[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:828:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:829:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd + result[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:862:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:864:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:865:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[1].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:866:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:867:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[2].rm_so, l3);
data/anyremote-6.7.3/src/parse.c:871:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[3].rm_so, le);
data/anyremote-6.7.3/src/parse.c:873:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:874:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[3].rm_so, le);
data/anyremote-6.7.3/src/parse.c:881:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:882:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:883:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[4].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:930:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:932:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:934:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[1].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:938:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:940:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:941:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:956:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:957:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:958:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[3].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:959:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:960:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[4].rm_so, l3);
data/anyremote-6.7.3/src/parse.c:964:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[5].rm_so, le);
data/anyremote-6.7.3/src/parse.c:966:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:967:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[5].rm_so, le);
data/anyremote-6.7.3/src/parse.c:975:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:976:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:977:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[6].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:978:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:979:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[7].rm_so, l3);
data/anyremote-6.7.3/src/parse.c:985:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:986:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:987:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[8].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1035:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:1037:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1039:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[1].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1043:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:1045:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1046:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[2].rm_so, le);
data/anyremote-6.7.3/src/parse.c:1053:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:1054:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1055:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[3].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1069:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd + result[1].rm_so, l);
data/anyremote-6.7.3/src/parse.c:1070:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1071:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[4].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1075:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,start2 + result2[5].rm_so, le);
data/anyremote-6.7.3/src/parse.c:1077:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1078:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,start2 + result2[5].rm_so, le);
data/anyremote-6.7.3/src/parse.c:1103:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[3].rm_so,l);
data/anyremote-6.7.3/src/parse.c:1111:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr, cmd + result[3].rm_so, l);
data/anyremote-6.7.3/src/parse.c:1125:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd+result[4].rm_so,l4);
data/anyremote-6.7.3/src/parse.c:1126:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1127:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd+result[5].rm_so,l5);
data/anyremote-6.7.3/src/parse.c:1130:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec,cmd+result[6].rm_so,l6);
data/anyremote-6.7.3/src/parse.c:1134:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd+result[4].rm_so,l4);
data/anyremote-6.7.3/src/parse.c:1135:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1136:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd+result[5].rm_so,l5);
data/anyremote-6.7.3/src/parse.c:1137:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1138:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd+result[6].rm_so,l6);
data/anyremote-6.7.3/src/parse.c:1149:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr,cmd+result[7].rm_so,l7);
data/anyremote-6.7.3/src/parse.c:1150:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ci->descr,",");
data/anyremote-6.7.3/src/parse.c:1151:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ci->descr,cmd+result[8].rm_so,l8);
data/anyremote-6.7.3/src/parse.c:1213:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr, cmd + result[1].rm_so, l1);
data/anyremote-6.7.3/src/parse.c:1216:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec, cmd + result[2].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1225:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subCmd,cmd+result[5].rm_so,l2);
data/anyremote-6.7.3/src/parse.c:1233:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->descr, cmd + result[4].rm_so, l1);
data/anyremote-6.7.3/src/parse.c:1236:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ci->exec, cmd + result[5].rm_so, l2);
data/anyremote-6.7.3/src/parse.c:1254:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newDescr = (char*) calloc(1, strlen(cmd) + 1);
data/anyremote-6.7.3/src/parse.c:1325:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = cmds + strlen(cmds) - 1;
data/anyremote-6.7.3/src/parse.c:1471:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
It->key = (char*) calloc(1, strlen(tag)+1);
data/anyremote-6.7.3/src/parse.c:1493:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(aLine);
data/anyremote-6.7.3/src/parse.c:1788:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cfgfile, ".");
data/anyremote-6.7.3/src/parse.c:1795:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cfgfile, ".");
data/anyremote-6.7.3/src/peer.c:307:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(INET_SOCKET);
data/anyremote-6.7.3/src/peer.c:316:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(PEER_TCP);
data/anyremote-6.7.3/src/peer.c:325:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(ILIRC_SOCKET);
data/anyremote-6.7.3/src/peer.c:334:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(BT_SOCKET);
data/anyremote-6.7.3/src/peer.c:348:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(L2CAP_SOCKET);
data/anyremote-6.7.3/src/peer.c:362:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(UNIX_SOCKET);
data/anyremote-6.7.3/src/peer.c:376:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen(portIn) == strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 3 || // 00:12:EF:32:21:1A:p
data/anyremote-6.7.3/src/peer.c:376:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen(portIn) == strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 3 || // 00:12:EF:32:21:1A:p
data/anyremote-6.7.3/src/peer.c:377:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(portIn) == strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 4) || // 00:12:EF:32:21:1A:pp
data/anyremote-6.7.3/src/peer.c:377:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(portIn) == strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 4) || // 00:12:EF:32:21:1A:pp
data/anyremote-6.7.3/src/peer.c:378:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
portIn[strlen(RFCOMM_DEVICE)] != ':' ||
data/anyremote-6.7.3/src/peer.c:379:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
portIn[strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 1] != ':') {
data/anyremote-6.7.3/src/peer.c:386:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sBtAddr,portIn + strlen(RFCOMM_DEVICE) + 1,17);
data/anyremote-6.7.3/src/peer.c:386:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(sBtAddr,portIn + strlen(RFCOMM_DEVICE) + 1,17);
data/anyremote-6.7.3/src/peer.c:390:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
peer->port = atoi(portIn + strlen(RFCOMM_DEVICE) + BT_ADDR_LEN + 2);
data/anyremote-6.7.3/src/peer.c:397:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(WEB_SOCKET);
data/anyremote-6.7.3/src/peer.c:432:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(CMXML_SOCKET);
data/anyremote-6.7.3/src/peer.c:461:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strPort += strlen(AT_DEVICE);
data/anyremote-6.7.3/src/peer.c:948:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(fd, buffer, max);
data/anyremote-6.7.3/src/peer.c:966:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(fd, buffer, max);
data/anyremote-6.7.3/src/peer.c:1014:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(fd, buffer, max);
data/anyremote-6.7.3/src/peer.c:1042:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(fd, buffer, max);
data/anyremote-6.7.3/src/peer.c:1418:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(byteStr,command,MAXCKPDLEN-1);
data/anyremote-6.7.3/src/pr_btspp.c:576:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_btspp.c:606:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_frontend.c:145:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = write(cn->fileDescriptor, buf, strlen(buf));
data/anyremote-6.7.3/src/pr_frontend.c:159:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(fd,buf,size-1);
data/anyremote-6.7.3/src/pr_l2cap.c:351:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_l2cap.c:377:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_socket.c:139:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(un_addr.sun_path, path, sizeof un_addr.sun_path - 1);
data/anyremote-6.7.3/src/pr_socket.c:320:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_socket.c:348:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cn->fileDescriptor,CMD_STR_DISCONNECT,strlen(CMD_STR_DISCONNECT));
data/anyremote-6.7.3/src/pr_stdin.c:111:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getchar();
data/anyremote-6.7.3/src/pr_web.c:164:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytes_total = strlen(s);
data/anyremote-6.7.3/src/pr_web.c:166:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytes_sent = send(cc->connDescriptor, s, strlen(s), MSG_NOSIGNAL);
data/anyremote-6.7.3/src/pr_web.c:685:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item += strlen(HTTP_ACTION);
data/anyremote-6.7.3/src/pr_web.c:695:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* index = p + strlen(HTTP_EDITFIELD);
data/anyremote-6.7.3/src/pr_web.c:725:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * item = p+strlen(XML_EFIELD_SUBMIT);
data/anyremote-6.7.3/src/pr_web.c:800:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_BUTTON_PRESS);
data/anyremote-6.7.3/src/pr_web.c:845:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_SHORT_MENU);
data/anyremote-6.7.3/src/pr_web.c:880:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_LIST_MENU);
data/anyremote-6.7.3/src/pr_web.c:897:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_LIST_MENU2);
data/anyremote-6.7.3/src/pr_web.c:921:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_LONG_MENU);
data/anyremote-6.7.3/src/pr_web.c:934:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(XML_LIST_MENU_EXT);
data/anyremote-6.7.3/src/pr_web.c:959:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item += strlen(HTTP_ACTION);
data/anyremote-6.7.3/src/pr_web.c:1014:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item += strlen(HTTP_ACTION);
data/anyremote-6.7.3/src/pr_web.c:1024:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* index = p + strlen(HTTP_EDITFIELD);
data/anyremote-6.7.3/src/pr_web.c:1059:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * item = p+strlen(XML_EFIELD_SUBMIT);
data/anyremote-6.7.3/src/pr_web.c:1147:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int wasRead = read(cc->connDescriptor, buf, sizeof(buf)-1);
data/anyremote-6.7.3/src/pr_web.c:1302:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(HTTP_ACTION);
data/anyremote-6.7.3/src/pr_web.c:1466:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/anyremote-6.7.3/src/pr_web.c:1738:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,bbuf,capacity);
data/anyremote-6.7.3/src/pr_web.c:1739:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/anyremote-6.7.3/src/pr_web.c:1743:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,wm->string->str,capacity);
data/anyremote-6.7.3/src/pr_web.c:1744:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(wm->string->str);
data/anyremote-6.7.3/src/pr_web.c:1820:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUG2("[WS]: writeWebConnStr %d", (value ? (int) strlen(value) : -1));
data/anyremote-6.7.3/src/pr_web.c:1832:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) < MAXMAXLEN) {
data/anyremote-6.7.3/src/security.c:79:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* resfile = (char*) calloc(strlen(h)+strlen(ALLOWED_FILE)+1,1);
data/anyremote-6.7.3/src/security.c:79:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* resfile = (char*) calloc(strlen(h)+strlen(ALLOWED_FILE)+1,1);
data/anyremote-6.7.3/src/security.c:176:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* resfile = (char*) calloc(strlen(h)+21,1);
data/anyremote-6.7.3/src/security.c:205:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(fBuffer) - 1;
data/anyremote-6.7.3/src/security.c:226:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(pass);
data/anyremote-6.7.3/src/security.c:243:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = write(fd,passCmd,strlen(passCmd));
data/anyremote-6.7.3/src/state.c:833:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token3) > 0) { // avoid empty list item
data/anyremote-6.7.3/src/state.c:1088:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addTfText(token2 + strlen(token2) + 1);
data/anyremote-6.7.3/src/state.c:1422:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUG2("[DS]: updateState %d", (value ? (int) strlen(value) : -1));
data/anyremote-6.7.3/src/state.c:1428:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) < MAXMAXLEN) {
data/anyremote-6.7.3/src/state.c:1440:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setCfStatus(cmd+strlen("Set(status,"));
data/anyremote-6.7.3/src/state.c:1442:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setCfTitle(cmd+strlen("Set(title,"));
data/anyremote-6.7.3/src/str.c:67:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string->str + string->len, val, len);
data/anyremote-6.7.3/src/str.c:95:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(init);
data/anyremote-6.7.3/src/str.c:115:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return stringAppendLen(string, val, strlen(val));
data/anyremote-6.7.3/src/str.c:143:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pl = strlen(prefix);
data/anyremote-6.7.3/src/str.c:145:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < pl) return BOOL_NO;
data/anyremote-6.7.3/src/sys_util.c:119:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cmd == NULL || strlen(cmd) == 0 || remoteOn != 1) {
data/anyremote-6.7.3/src/sys_util.c:125:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* p = (char*) calloc(strlen(cmd) + 2,1);
data/anyremote-6.7.3/src/sys_util.c:134:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int idx = strlen(cmd)-1;
data/anyremote-6.7.3/src/sys_util.c:140:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "&");
data/anyremote-6.7.3/src/sys_util.c:366:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/anyremote-6.7.3/src/sys_util.c:407:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t num = read(fd, temp, RSIZE);
data/anyremote-6.7.3/src/sys_util.c:411:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/anyremote-6.7.3/src/timer.c:102:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tm->macro = (char*) malloc(strlen(id)+1);
data/anyremote-6.7.3/src/utils.c:79:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(prefix, h, strlen(h)) != 0) {
data/anyremote-6.7.3/src/utils.c:99:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(what, ".");
data/anyremote-6.7.3/src/utils.c:219:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestr[strlen(timestr)-1]=0;
data/anyremote-6.7.3/src/utils.c:404:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && strlen(s) >= 2) {
data/anyremote-6.7.3/src/utils.c:405:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-2] = '\0'; // strip );
data/anyremote-6.7.3/src/utils.c:480:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(str);
data/anyremote-6.7.3/src/var.c:69:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(d,v->value,v->size);
data/anyremote-6.7.3/src/var.c:194:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return setVar(name, val, strlen(val));
data/anyremote-6.7.3/src/var.c:218:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setVar("Home", d, d ? strlen(d) : 0);
data/anyremote-6.7.3/src/var.c:286:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tmp, ptr->value != NULL ? ptr->value : "(empty)",ptr->value != NULL ? ptr->size : 7);
data/anyremote-6.7.3/src/xemulate.c:116:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/anyremote-6.7.3/src/xemulate.c:436:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(atoi(x));
ANALYSIS SUMMARY:
Hits = 764
Lines analyzed = 24736 in approximately 0.64 seconds (38788 lines/second)
Physical Source Lines of Code (SLOC) = 16497
Hits@level = [0] 115 [1] 331 [2] 304 [3] 18 [4] 109 [5] 2
Hits@level+ = [0+] 879 [1+] 764 [2+] 433 [3+] 129 [4+] 111 [5+] 2
Hits/KSLOC@level+ = [0+] 53.2824 [1+] 46.3115 [2+] 26.2472 [3+] 7.8196 [4+] 6.7285 [5+] 0.121234
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.