Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/atheme-services-7.2.9/contrib/anope_convert.c
Examining data/atheme-services-7.2.9/tools/createburst/createburst.c
Examining data/atheme-services-7.2.9/tools/createtestdb/createtestdb.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/dns.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/dns.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslist_win32.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/list.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/dictionary.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/queue.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/list.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/index.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/dictionary.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/queue.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/index.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/mowgli.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/program_opts.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/confparse.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/error_backtrace.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/program_opts.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/global_storage.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json-inline.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/error_backtrace.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/confparse.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/global_storage.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/module/loader_win32.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/module/interface.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/module/module.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/module/loader_posix.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/win32_mutexops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/mutex.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/posix_mutexops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/thread.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/null_mutexops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/thread/mutex.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/message.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/class.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/metadata.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/object.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/class.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/metadata.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/object.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/object/message.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/allocation_policy.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/assert.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/bootstrap.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/process.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/process.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/logger.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/allocation_policy.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/heap.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/heap.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/allocator.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/logger.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/alloc.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/allocator.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/bootstrap.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/stdinc.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/alloc.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/iterator.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/pollable.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/timer.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/kqueue_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/windows_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/eventloop.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/null_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/qnx_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/epoll_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/ports_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/helper.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/select_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/eventloop.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/poll_pollops.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/hash.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/hook.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/memslice.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/argstack.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/random.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/formatter.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/bitvector.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/hook.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/memslice.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/mowgli_signal.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/argstack.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/hash.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/bitvector.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/formatter.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/random.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/mowgli_signal.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/attributes.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/constructor.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/cacheline.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/machine.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/socketpair.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/setenv.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/pipe.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/win32_stdinc.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/fork.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/inet.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/cacheline.h
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest/patriciatest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest2/patriciatest2.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/memslice-bench/memslice-bench.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/helpertest/helpertest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/vio-udplistener/vio-udplistener.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/randomtest/randomtest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/echoserver/echoserver.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/jsontest/jsontest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/timertest/timertest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/listsort/listsort.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/async_resolver/async_resolver.c
Examining data/atheme-services-7.2.9/libmowgli-2/src/examples/formattertest/formattertest.c
Examining data/atheme-services-7.2.9/modules/statserv/server.c
Examining data/atheme-services-7.2.9/modules/statserv/main.c
Examining data/atheme-services-7.2.9/modules/statserv/netsplit.c
Examining data/atheme-services-7.2.9/modules/statserv/channel.c
Examining data/atheme-services-7.2.9/modules/operserv/modunload.c
Examining data/atheme-services-7.2.9/modules/operserv/sgline.c
Examining data/atheme-services-7.2.9/modules/operserv/ignore.c
Examining data/atheme-services-7.2.9/modules/operserv/override.c
Examining data/atheme-services-7.2.9/modules/operserv/inject.c
Examining data/atheme-services-7.2.9/modules/operserv/restart.c
Examining data/atheme-services-7.2.9/modules/operserv/modinspect.c
Examining data/atheme-services-7.2.9/modules/operserv/compare.c
Examining data/atheme-services-7.2.9/modules/operserv/mode.c
Examining data/atheme-services-7.2.9/modules/operserv/noop.c
Examining data/atheme-services-7.2.9/modules/operserv/help.c
Examining data/atheme-services-7.2.9/modules/operserv/main.c
Examining data/atheme-services-7.2.9/modules/operserv/greplog.c
Examining data/atheme-services-7.2.9/modules/operserv/update.c
Examining data/atheme-services-7.2.9/modules/operserv/rehash.c
Examining data/atheme-services-7.2.9/modules/operserv/soper.c
Examining data/atheme-services-7.2.9/modules/operserv/uptime.c
Examining data/atheme-services-7.2.9/modules/operserv/rakill.c
Examining data/atheme-services-7.2.9/modules/operserv/set.c
Examining data/atheme-services-7.2.9/modules/operserv/clearchan.c
Examining data/atheme-services-7.2.9/modules/operserv/shutdown.c
Examining data/atheme-services-7.2.9/modules/operserv/modreload.c
Examining data/atheme-services-7.2.9/modules/operserv/clones.c
Examining data/atheme-services-7.2.9/modules/operserv/modlist.c
Examining data/atheme-services-7.2.9/modules/operserv/info.c
Examining data/atheme-services-7.2.9/modules/operserv/specs.c
Examining data/atheme-services-7.2.9/modules/operserv/rwatch.c
Examining data/atheme-services-7.2.9/modules/operserv/rnc.c
Examining data/atheme-services-7.2.9/modules/operserv/rmatch.c
Examining data/atheme-services-7.2.9/modules/operserv/jupe.c
Examining data/atheme-services-7.2.9/modules/operserv/modload.c
Examining data/atheme-services-7.2.9/modules/operserv/sqline.c
Examining data/atheme-services-7.2.9/modules/operserv/readonly.c
Examining data/atheme-services-7.2.9/modules/operserv/identify.c
Examining data/atheme-services-7.2.9/modules/operserv/raw.c
Examining data/atheme-services-7.2.9/modules/operserv/akill.c
Examining data/atheme-services-7.2.9/modules/contrib/ircd_catserv.c
Examining data/atheme-services-7.2.9/modules/contrib/os_helpme.c
Examining data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c
Examining data/atheme-services-7.2.9/modules/contrib/backtrace.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_generatepass.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_goodmail.c
Examining data/atheme-services-7.2.9/modules/contrib/os_defcon.c
Examining data/atheme-services-7.2.9/modules/contrib/os_procwatch.c
Examining data/atheme-services-7.2.9/modules/contrib/os_modeall.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_userinfo.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_fregister.c
Examining data/atheme-services-7.2.9/modules/contrib/os_tabletest.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_modesync.c
Examining data/atheme-services-7.2.9/modules/contrib/ms_fsend.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_fregister.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_badwords.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_mxcheck_async.c
Examining data/atheme-services-7.2.9/modules/contrib/os_trace.c
Examining data/atheme-services-7.2.9/modules/contrib/os_joinmon.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_guestnoreg.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_regnotice.c
Examining data/atheme-services-7.2.9/modules/contrib/dnsbl.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_mxcheck.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_regnotice.c
Examining data/atheme-services-7.2.9/modules/contrib/gs_roulette.c
Examining data/atheme-services-7.2.9/modules/contrib/os_testcmd.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_forbid.c
Examining data/atheme-services-7.2.9/modules/contrib/os_akillnicklist.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_ajoin.c
Examining data/atheme-services-7.2.9/modules/contrib/os_testproc.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_regmode.c
Examining data/atheme-services-7.2.9/modules/contrib/os_klinechan.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_kickdots.c
Examining data/atheme-services-7.2.9/modules/contrib/atheme-compat.h
Examining data/atheme-services-7.2.9/modules/contrib/cs_babbler.c
Examining data/atheme-services-7.2.9/modules/contrib/ircd_loveserv.c
Examining data/atheme-services-7.2.9/modules/contrib/mlocktweaker.c
Examining data/atheme-services-7.2.9/modules/contrib/gen_vhostonreg.c
Examining data/atheme-services-7.2.9/modules/contrib/os_pingspam.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_updown.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_waitreg.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_sendpassmail.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_access_alias.c
Examining data/atheme-services-7.2.9/modules/contrib/cs_ping.c
Examining data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c
Examining data/atheme-services-7.2.9/modules/contrib/graphtastical.c
Examining data/atheme-services-7.2.9/modules/contrib/on_db_save.c
Examining data/atheme-services-7.2.9/modules/contrib/wumpus.c
Examining data/atheme-services-7.2.9/modules/contrib/os_savechanmodes.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_listlogins.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_fenforce.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_cleannick.c
Examining data/atheme-services-7.2.9/modules/contrib/ns_generatehash.c
Examining data/atheme-services-7.2.9/modules/contrib/os_resolve.c
Examining data/atheme-services-7.2.9/modules/contrib/gen_listenerdemo.c
Examining data/atheme-services-7.2.9/modules/contrib/os_kill.c
Examining data/atheme-services-7.2.9/modules/hostserv/request.c
Examining data/atheme-services-7.2.9/modules/hostserv/offer.c
Examining data/atheme-services-7.2.9/modules/hostserv/help.c
Examining data/atheme-services-7.2.9/modules/hostserv/main.c
Examining data/atheme-services-7.2.9/modules/hostserv/onoff.c
Examining data/atheme-services-7.2.9/modules/hostserv/group.c
Examining data/atheme-services-7.2.9/modules/hostserv/hostserv.h
Examining data/atheme-services-7.2.9/modules/hostserv/drop.c
Examining data/atheme-services-7.2.9/modules/hostserv/vhost.c
Examining data/atheme-services-7.2.9/modules/hostserv/vhostnick.c
Examining data/atheme-services-7.2.9/modules/gameserv/eightball.c
Examining data/atheme-services-7.2.9/modules/gameserv/rps.c
Examining data/atheme-services-7.2.9/modules/gameserv/gameserv_common.h
Examining data/atheme-services-7.2.9/modules/gameserv/help.c
Examining data/atheme-services-7.2.9/modules/gameserv/main.c
Examining data/atheme-services-7.2.9/modules/gameserv/lottery.c
Examining data/atheme-services-7.2.9/modules/gameserv/dice.c
Examining data/atheme-services-7.2.9/modules/gameserv/namegen_tab.h
Examining data/atheme-services-7.2.9/modules/gameserv/namegen.c
Examining data/atheme-services-7.2.9/modules/gameserv/gamecalc.c
Examining data/atheme-services-7.2.9/modules/gameserv/happyfarm.c
Examining data/atheme-services-7.2.9/modules/rpgserv/search.c
Examining data/atheme-services-7.2.9/modules/rpgserv/prettyprint.h
Examining data/atheme-services-7.2.9/modules/rpgserv/help.c
Examining data/atheme-services-7.2.9/modules/rpgserv/main.c
Examining data/atheme-services-7.2.9/modules/rpgserv/list.c
Examining data/atheme-services-7.2.9/modules/rpgserv/set.c
Examining data/atheme-services-7.2.9/modules/rpgserv/info.c
Examining data/atheme-services-7.2.9/modules/rpgserv/enable.c
Examining data/atheme-services-7.2.9/modules/infoserv/main.c
Examining data/atheme-services-7.2.9/modules/auth/dummy.c
Examining data/atheme-services-7.2.9/modules/auth/ldap.c
Examining data/atheme-services-7.2.9/modules/botserv/help.c
Examining data/atheme-services-7.2.9/modules/botserv/main.c
Examining data/atheme-services-7.2.9/modules/botserv/bottalk.c
Examining data/atheme-services-7.2.9/modules/botserv/set.c
Examining data/atheme-services-7.2.9/modules/botserv/set_saycaller.c
Examining data/atheme-services-7.2.9/modules/botserv/info.c
Examining data/atheme-services-7.2.9/modules/botserv/set_private.c
Examining data/atheme-services-7.2.9/modules/botserv/set_fantasy.c
Examining data/atheme-services-7.2.9/modules/botserv/set_nobot.c
Examining data/atheme-services-7.2.9/modules/botserv/botserv.h
Examining data/atheme-services-7.2.9/modules/botserv/set_core.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_hidemail.c
Examining data/atheme-services-7.2.9/modules/nickserv/list.h
Examining data/atheme-services-7.2.9/modules/nickserv/set_quietchg.c
Examining data/atheme-services-7.2.9/modules/nickserv/listgroups.c
Examining data/atheme-services-7.2.9/modules/nickserv/sendpass.c
Examining data/atheme-services-7.2.9/modules/nickserv/listchans.c
Examining data/atheme-services-7.2.9/modules/nickserv/list_common.h
Examining data/atheme-services-7.2.9/modules/nickserv/freeze.c
Examining data/atheme-services-7.2.9/modules/nickserv/resetpass.c
Examining data/atheme-services-7.2.9/modules/nickserv/access.c
Examining data/atheme-services-7.2.9/modules/nickserv/restrict.c
Examining data/atheme-services-7.2.9/modules/nickserv/listownmail.c
Examining data/atheme-services-7.2.9/modules/nickserv/ghost.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_password.c
Examining data/atheme-services-7.2.9/modules/nickserv/cracklib.c
Examining data/atheme-services-7.2.9/modules/nickserv/taxonomy.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_noop.c
Examining data/atheme-services-7.2.9/modules/nickserv/mark.c
Examining data/atheme-services-7.2.9/modules/nickserv/help.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_neverop.c
Examining data/atheme-services-7.2.9/modules/nickserv/main.c
Examining data/atheme-services-7.2.9/modules/nickserv/login.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_accountname.c
Examining data/atheme-services-7.2.9/modules/nickserv/setpass.c
Examining data/atheme-services-7.2.9/modules/nickserv/logout.c
Examining data/atheme-services-7.2.9/modules/nickserv/list.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_nevergroup.c
Examining data/atheme-services-7.2.9/modules/nickserv/group.c
Examining data/atheme-services-7.2.9/modules/nickserv/vacation.c
Examining data/atheme-services-7.2.9/modules/nickserv/enforce.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_property.c
Examining data/atheme-services-7.2.9/modules/nickserv/register.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_language.c
Examining data/atheme-services-7.2.9/modules/nickserv/set.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_nogreet.c
Examining data/atheme-services-7.2.9/modules/nickserv/badmail.c
Examining data/atheme-services-7.2.9/modules/nickserv/info_lastquit.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_enforcetime.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_pubkey.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_email.c
Examining data/atheme-services-7.2.9/modules/nickserv/status.c
Examining data/atheme-services-7.2.9/modules/nickserv/info.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_private.c
Examining data/atheme-services-7.2.9/modules/nickserv/sendpass_user.c
Examining data/atheme-services-7.2.9/modules/nickserv/drop.c
Examining data/atheme-services-7.2.9/modules/nickserv/vhost.c
Examining data/atheme-services-7.2.9/modules/nickserv/return.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_privmsg.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_nopassword.c
Examining data/atheme-services-7.2.9/modules/nickserv/identify.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_core.c
Examining data/atheme-services-7.2.9/modules/nickserv/verify.c
Examining data/atheme-services-7.2.9/modules/nickserv/cert.c
Examining data/atheme-services-7.2.9/modules/nickserv/multimark.c
Examining data/atheme-services-7.2.9/modules/nickserv/listmail.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_emailmemos.c
Examining data/atheme-services-7.2.9/modules/nickserv/regnolimit.c
Examining data/atheme-services-7.2.9/modules/nickserv/set_nomemo.c
Examining data/atheme-services-7.2.9/modules/nickserv/hold.c
Examining data/atheme-services-7.2.9/modules/memoserv/sendops.c
Examining data/atheme-services-7.2.9/modules/memoserv/delete.c
Examining data/atheme-services-7.2.9/modules/memoserv/sendall.c
Examining data/atheme-services-7.2.9/modules/memoserv/ignore.c
Examining data/atheme-services-7.2.9/modules/memoserv/help.c
Examining data/atheme-services-7.2.9/modules/memoserv/main.c
Examining data/atheme-services-7.2.9/modules/memoserv/send.c
Examining data/atheme-services-7.2.9/modules/memoserv/forward.c
Examining data/atheme-services-7.2.9/modules/memoserv/list.c
Examining data/atheme-services-7.2.9/modules/memoserv/sendgroup.c
Examining data/atheme-services-7.2.9/modules/memoserv/read.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_entrymsg.c
Examining data/atheme-services-7.2.9/modules/chanserv/clear_users.c
Examining data/atheme-services-7.2.9/modules/chanserv/successor_acl.c
Examining data/atheme-services-7.2.9/modules/chanserv/halfop.c
Examining data/atheme-services-7.2.9/modules/chanserv/invite.c
Examining data/atheme-services-7.2.9/modules/chanserv/voice.c
Examining data/atheme-services-7.2.9/modules/chanserv/flags.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_limitflags.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_gameserv.c
Examining data/atheme-services-7.2.9/modules/chanserv/why.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_secure.c
Examining data/atheme-services-7.2.9/modules/chanserv/version.c
Examining data/atheme-services-7.2.9/modules/chanserv/ftransfer.c
Examining data/atheme-services-7.2.9/modules/chanserv/clear.c
Examining data/atheme-services-7.2.9/modules/chanserv/access.c
Examining data/atheme-services-7.2.9/modules/chanserv/op.c
Examining data/atheme-services-7.2.9/modules/chanserv/topic.c
Examining data/atheme-services-7.2.9/modules/chanserv/taxonomy.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_restricted.c
Examining data/atheme-services-7.2.9/modules/chanserv/clear_flags.c
Examining data/atheme-services-7.2.9/modules/chanserv/mark.c
Examining data/atheme-services-7.2.9/modules/chanserv/help.c
Examining data/atheme-services-7.2.9/modules/chanserv/moderate.c
Examining data/atheme-services-7.2.9/modules/chanserv/main.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_mlock.c
Examining data/atheme-services-7.2.9/modules/chanserv/xop.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_pubacl.c
Examining data/atheme-services-7.2.9/modules/chanserv/clear_bans.c
Examining data/atheme-services-7.2.9/modules/chanserv/fflags.c
Examining data/atheme-services-7.2.9/modules/chanserv/ban.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_topiclock.c
Examining data/atheme-services-7.2.9/modules/chanserv/list.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_url.c
Examining data/atheme-services-7.2.9/modules/chanserv/akick.c
Examining data/atheme-services-7.2.9/modules/chanserv/recover.c
Examining data/atheme-services-7.2.9/modules/chanserv/template.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_property.c
Examining data/atheme-services-7.2.9/modules/chanserv/register.c
Examining data/atheme-services-7.2.9/modules/chanserv/chanserv.h
Examining data/atheme-services-7.2.9/modules/chanserv/set.c
Examining data/atheme-services-7.2.9/modules/chanserv/clone.c
Examining data/atheme-services-7.2.9/modules/chanserv/quiet.c
Examining data/atheme-services-7.2.9/modules/chanserv/sync.c
Examining data/atheme-services-7.2.9/modules/chanserv/clear_akicks.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_email.c
Examining data/atheme-services-7.2.9/modules/chanserv/status.c
Examining data/atheme-services-7.2.9/modules/chanserv/info.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_private.c
Examining data/atheme-services-7.2.9/modules/chanserv/owner.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_fantasy.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_verbose.c
Examining data/atheme-services-7.2.9/modules/chanserv/antiflood.c
Examining data/atheme-services-7.2.9/modules/chanserv/drop.c
Examining data/atheme-services-7.2.9/modules/chanserv/kick.c
Examining data/atheme-services-7.2.9/modules/chanserv/getkey.c
Examining data/atheme-services-7.2.9/modules/chanserv/count.c
Examining data/atheme-services-7.2.9/modules/chanserv/protect.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_keeptopic.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_core.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_guard.c
Examining data/atheme-services-7.2.9/modules/chanserv/unban_self.c
Examining data/atheme-services-7.2.9/modules/chanserv/set_prefix.c
Examining data/atheme-services-7.2.9/modules/chanserv/close.c
Examining data/atheme-services-7.2.9/modules/chanserv/hold.c
Examining data/atheme-services-7.2.9/modules/chanfix/fix.c
Examining data/atheme-services-7.2.9/modules/chanfix/main.c
Examining data/atheme-services-7.2.9/modules/chanfix/gather.c
Examining data/atheme-services-7.2.9/modules/chanfix/chanfix.h
Examining data/atheme-services-7.2.9/modules/groupserv/invite.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_description.c
Examining data/atheme-services-7.2.9/modules/groupserv/flags.c
Examining data/atheme-services-7.2.9/modules/groupserv/listchans.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_joinflags.c
Examining data/atheme-services-7.2.9/modules/groupserv/main/database.c
Examining data/atheme-services-7.2.9/modules/groupserv/main/main.c
Examining data/atheme-services-7.2.9/modules/groupserv/main/groupserv_main.h
Examining data/atheme-services-7.2.9/modules/groupserv/main/groupserv.c
Examining data/atheme-services-7.2.9/modules/groupserv/main/groupserv_common.h
Examining data/atheme-services-7.2.9/modules/groupserv/main/hooks.c
Examining data/atheme-services-7.2.9/modules/groupserv/main/validation.c
Examining data/atheme-services-7.2.9/modules/groupserv/help.c
Examining data/atheme-services-7.2.9/modules/groupserv/fflags.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_open.c
Examining data/atheme-services-7.2.9/modules/groupserv/list.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_url.c
Examining data/atheme-services-7.2.9/modules/groupserv/register.c
Examining data/atheme-services-7.2.9/modules/groupserv/groupserv.h
Examining data/atheme-services-7.2.9/modules/groupserv/set.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_channel.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_email.c
Examining data/atheme-services-7.2.9/modules/groupserv/info.c
Examining data/atheme-services-7.2.9/modules/groupserv/acsnolimit.c
Examining data/atheme-services-7.2.9/modules/groupserv/join.c
Examining data/atheme-services-7.2.9/modules/groupserv/drop.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_public.c
Examining data/atheme-services-7.2.9/modules/groupserv/set_groupname.c
Examining data/atheme-services-7.2.9/modules/groupserv/regnolimit.c
Examining data/atheme-services-7.2.9/modules/groupserv/fdrop.c
Examining data/atheme-services-7.2.9/modules/crypto/ircservices.c
Examining data/atheme-services-7.2.9/modules/crypto/pbkdf2.c
Examining data/atheme-services-7.2.9/modules/crypto/rawmd5.c
Examining data/atheme-services-7.2.9/modules/crypto/rawsha1.c
Examining data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c
Examining data/atheme-services-7.2.9/modules/crypto/posix.c
Examining data/atheme-services-7.2.9/modules/security/cmdperm.c
Examining data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c
Examining data/atheme-services-7.2.9/modules/transport/jsonrpc/jsonrpclib.h
Examining data/atheme-services-7.2.9/modules/transport/jsonrpc/jsonrpclib.c
Examining data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c
Examining data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.h
Examining data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c
Examining data/atheme-services-7.2.9/modules/transport/rfc1459/main.c
Examining data/atheme-services-7.2.9/modules/transport/rfc1459/rfc1459.h
Examining data/atheme-services-7.2.9/modules/transport/rfc1459/parse.c
Examining data/atheme-services-7.2.9/modules/transport/p10.c
Examining data/atheme-services-7.2.9/modules/backend/opensex.c
Examining data/atheme-services-7.2.9/modules/backend/flatfile.c
Examining data/atheme-services-7.2.9/modules/backend/corestorage.c
Examining data/atheme-services-7.2.9/modules/saslserv/plain.c
Examining data/atheme-services-7.2.9/modules/saslserv/ecdsa-nist256p-challenge.c
Examining data/atheme-services-7.2.9/modules/saslserv/main.c
Examining data/atheme-services-7.2.9/modules/saslserv/external.c
Examining data/atheme-services-7.2.9/modules/saslserv/authcookie.c
Examining data/atheme-services-7.2.9/modules/proxyscan/main.c
Examining data/atheme-services-7.2.9/modules/proxyscan/dnsbl.c
Examining data/atheme-services-7.2.9/modules/misc/httpd.c
Examining data/atheme-services-7.2.9/modules/misc/canon_gmail.c
Examining data/atheme-services-7.2.9/modules/global/main.c
Examining data/atheme-services-7.2.9/modules/scripting/perl/perl_object_list.c
Examining data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c
Examining data/atheme-services-7.2.9/modules/scripting/perl/api/perl_hooks.h
Examining data/atheme-services-7.2.9/modules/scripting/perl/api/perl_utilities.c
Examining data/atheme-services-7.2.9/modules/scripting/perl/api/perl_hooks_extra.h
Examining data/atheme-services-7.2.9/modules/scripting/perl/api/perl_command.c
Examining data/atheme-services-7.2.9/modules/scripting/perl/api/atheme_perl.h
Examining data/atheme-services-7.2.9/modules/alis/main.c
Examining data/atheme-services-7.2.9/modules/exttarget/chanacs.c
Examining data/atheme-services-7.2.9/modules/exttarget/registered.c
Examining data/atheme-services-7.2.9/modules/exttarget/exttarget.h
Examining data/atheme-services-7.2.9/modules/exttarget/server.c
Examining data/atheme-services-7.2.9/modules/exttarget/main.c
Examining data/atheme-services-7.2.9/modules/exttarget/oper.c
Examining data/atheme-services-7.2.9/modules/exttarget/channel.c
Examining data/atheme-services-7.2.9/modules/protocol/asuka.c
Examining data/atheme-services-7.2.9/modules/protocol/charybdis.c
Examining data/atheme-services-7.2.9/modules/protocol/mixin_noprotect.c
Examining data/atheme-services-7.2.9/modules/protocol/elemental-ircd.c
Examining data/atheme-services-7.2.9/modules/protocol/unreal.c
Examining data/atheme-services-7.2.9/modules/protocol/nefarious.c
Examining data/atheme-services-7.2.9/modules/protocol/base36uid.c
Examining data/atheme-services-7.2.9/modules/protocol/inspircd.c
Examining data/atheme-services-7.2.9/modules/protocol/ngircd.c
Examining data/atheme-services-7.2.9/modules/protocol/mixin_noowner.c
Examining data/atheme-services-7.2.9/modules/protocol/mixin_noholdnick.c
Examining data/atheme-services-7.2.9/modules/protocol/ircd-seven.c
Examining data/atheme-services-7.2.9/modules/protocol/ircnet.c
Examining data/atheme-services-7.2.9/modules/protocol/bahamut.c
Examining data/atheme-services-7.2.9/modules/protocol/unreal4.c
Examining data/atheme-services-7.2.9/modules/protocol/mixin_nohalfops.c
Examining data/atheme-services-7.2.9/modules/protocol/p10-generic.c
Examining data/atheme-services-7.2.9/modules/protocol/ts6-generic.c
Examining data/atheme-services-7.2.9/modules/protocol/ratbox.c
Examining data/atheme-services-7.2.9/modules/helpserv/ticket.c
Examining data/atheme-services-7.2.9/modules/helpserv/services.c
Examining data/atheme-services-7.2.9/modules/helpserv/main.c
Examining data/atheme-services-7.2.9/modules/helpserv/helpme.c
Examining data/atheme-services-7.2.9/libathemecore/atheme.c
Examining data/atheme-services-7.2.9/libathemecore/servtree.c
Examining data/atheme-services-7.2.9/libathemecore/conf.c
Examining data/atheme-services-7.2.9/libathemecore/table.c
Examining data/atheme-services-7.2.9/libathemecore/memory.c
Examining data/atheme-services-7.2.9/libathemecore/flags.c
Examining data/atheme-services-7.2.9/libathemecore/strshare.c
Examining data/atheme-services-7.2.9/libathemecore/ctcp-common.c
Examining data/atheme-services-7.2.9/libathemecore/version.c
Examining data/atheme-services-7.2.9/libathemecore/chacha_private.h
Examining data/atheme-services-7.2.9/libathemecore/explicit_bzero.c
Examining data/atheme-services-7.2.9/libathemecore/ubase64.c
Examining data/atheme-services-7.2.9/libathemecore/services.c
Examining data/atheme-services-7.2.9/libathemecore/match.c
Examining data/atheme-services-7.2.9/libathemecore/module.c
Examining data/atheme-services-7.2.9/libathemecore/crypto.c
Examining data/atheme-services-7.2.9/libathemecore/help.c
Examining data/atheme-services-7.2.9/libathemecore/send.c
Examining data/atheme-services-7.2.9/libathemecore/svsignore.c
Examining data/atheme-services-7.2.9/libathemecore/uid.c
Examining data/atheme-services-7.2.9/libathemecore/connection.c
Examining data/atheme-services-7.2.9/libathemecore/commandtree.c
Examining data/atheme-services-7.2.9/libathemecore/logger.c
Examining data/atheme-services-7.2.9/libathemecore/base64.c
Examining data/atheme-services-7.2.9/libathemecore/res.c
Examining data/atheme-services-7.2.9/libathemecore/signal.c
Examining data/atheme-services-7.2.9/libathemecore/uplink.c
Examining data/atheme-services-7.2.9/libathemecore/ptasks.c
Examining data/atheme-services-7.2.9/libathemecore/node.c
Examining data/atheme-services-7.2.9/libathemecore/function.c
Examining data/atheme-services-7.2.9/libathemecore/datastream.c
Examining data/atheme-services-7.2.9/libathemecore/template.c
Examining data/atheme-services-7.2.9/libathemecore/snprintf.c
Examining data/atheme-services-7.2.9/libathemecore/privs.c
Examining data/atheme-services-7.2.9/libathemecore/arc4random.c
Examining data/atheme-services-7.2.9/libathemecore/culture.c
Examining data/atheme-services-7.2.9/libathemecore/tokenize.c
Examining data/atheme-services-7.2.9/libathemecore/account.c
Examining data/atheme-services-7.2.9/libathemecore/hook.c
Examining data/atheme-services-7.2.9/libathemecore/entity.c
Examining data/atheme-services-7.2.9/libathemecore/sharedheap.c
Examining data/atheme-services-7.2.9/libathemecore/internal.h
Examining data/atheme-services-7.2.9/libathemecore/string.c
Examining data/atheme-services-7.2.9/libathemecore/pmodule.c
Examining data/atheme-services-7.2.9/libathemecore/qrcode.c
Examining data/atheme-services-7.2.9/libathemecore/cmode.c
Examining data/atheme-services-7.2.9/libathemecore/auth.c
Examining data/atheme-services-7.2.9/libathemecore/users.c
Examining data/atheme-services-7.2.9/libathemecore/packet.c
Examining data/atheme-services-7.2.9/libathemecore/cidr.c
Examining data/atheme-services-7.2.9/libathemecore/linker.c
Examining data/atheme-services-7.2.9/libathemecore/phandler.c
Examining data/atheme-services-7.2.9/libathemecore/database_backend.c
Examining data/atheme-services-7.2.9/libathemecore/object.c
Examining data/atheme-services-7.2.9/libathemecore/servers.c
Examining data/atheme-services-7.2.9/libathemecore/authcookie.c
Examining data/atheme-services-7.2.9/libathemecore/md5.c
Examining data/atheme-services-7.2.9/libathemecore/confprocess.c
Examining data/atheme-services-7.2.9/libathemecore/channels.c
Examining data/atheme-services-7.2.9/libathemecore/reslib.c
Examining data/atheme-services-7.2.9/src/ecdsakeygen/main.c
Examining data/atheme-services-7.2.9/src/footprint/main.c
Examining data/atheme-services-7.2.9/src/services/main.c
Examining data/atheme-services-7.2.9/src/ecdsasign/main.c
Examining data/atheme-services-7.2.9/src/ecdsadecode/main.c
Examining data/atheme-services-7.2.9/src/dragon/main.c
Examining data/atheme-services-7.2.9/src/dbverify/main.c
Examining data/atheme-services-7.2.9/src/base64/main.c
Examining data/atheme-services-7.2.9/include/res.h
Examining data/atheme-services-7.2.9/include/atheme.h
Examining data/atheme-services-7.2.9/include/taint.h
Examining data/atheme-services-7.2.9/include/serno.h
Examining data/atheme-services-7.2.9/include/httpd.h
Examining data/atheme-services-7.2.9/include/phandler.h
Examining data/atheme-services-7.2.9/include/hook.h
Examining data/atheme-services-7.2.9/include/datastream.h
Examining data/atheme-services-7.2.9/include/uplink.h
Examining data/atheme-services-7.2.9/include/match.h
Examining data/atheme-services-7.2.9/include/entity.h
Examining data/atheme-services-7.2.9/include/users.h
Examining data/atheme-services-7.2.9/include/libathemecore.h
Examining data/atheme-services-7.2.9/include/atheme_string.h
Examining data/atheme-services-7.2.9/include/connection.h
Examining data/atheme-services-7.2.9/include/account.h
Examining data/atheme-services-7.2.9/include/servers.h
Examining data/atheme-services-7.2.9/include/auth.h
Examining data/atheme-services-7.2.9/include/services.h
Examining data/atheme-services-7.2.9/include/i18n.h
Examining data/atheme-services-7.2.9/include/servtree.h
Examining data/atheme-services-7.2.9/include/flags.h
Examining data/atheme-services-7.2.9/include/entity-validation.h
Examining data/atheme-services-7.2.9/include/conf.h
Examining data/atheme-services-7.2.9/include/md5.h
Examining data/atheme-services-7.2.9/include/object.h
Examining data/atheme-services-7.2.9/include/base64.h
Examining data/atheme-services-7.2.9/include/crypto.h
Examining data/atheme-services-7.2.9/include/global.h
Examining data/atheme-services-7.2.9/include/privs.h
Examining data/atheme-services-7.2.9/include/module.h
Examining data/atheme-services-7.2.9/include/linker.h
Examining data/atheme-services-7.2.9/include/reslib.h
Examining data/atheme-services-7.2.9/include/atheme_memory.h
Examining data/atheme-services-7.2.9/include/channels.h
Examining data/atheme-services-7.2.9/include/abirev.h
Examining data/atheme-services-7.2.9/include/template.h
Examining data/atheme-services-7.2.9/include/pmodule.h
Examining data/atheme-services-7.2.9/include/common.h
Examining data/atheme-services-7.2.9/include/tools.h
Examining data/atheme-services-7.2.9/include/stdinc.h
Examining data/atheme-services-7.2.9/include/authcookie.h
Examining data/atheme-services-7.2.9/include/database_backend.h
Examining data/atheme-services-7.2.9/include/table.h
Examining data/atheme-services-7.2.9/include/uid.h
Examining data/atheme-services-7.2.9/include/culture.h
Examining data/atheme-services-7.2.9/include/inline/connection.h
Examining data/atheme-services-7.2.9/include/inline/account.h
Examining data/atheme-services-7.2.9/include/inline/channels.h
Examining data/atheme-services-7.2.9/include/protocol/ircnet.h
Examining data/atheme-services-7.2.9/include/protocol/bahamut.h
Examining data/atheme-services-7.2.9/include/protocol/ircd-seven.h
Examining data/atheme-services-7.2.9/include/protocol/charybdis.h
Examining data/atheme-services-7.2.9/include/protocol/ngircd.h
Examining data/atheme-services-7.2.9/include/protocol/ratbox.h
Examining data/atheme-services-7.2.9/include/protocol/inspircd.h
Examining data/atheme-services-7.2.9/include/protocol/unreal.h
Examining data/atheme-services-7.2.9/include/protocol/elemental-ircd.h
Examining data/atheme-services-7.2.9/include/protocol/asuka.h
Examining data/atheme-services-7.2.9/include/protocol/nefarious.h
Examining data/atheme-services-7.2.9/include/sourceinfo.h
Examining data/atheme-services-7.2.9/include/commandtree.h
Examining data/atheme-services-7.2.9/include/confprocess.h
Examining data/atheme-services-7.2.9/include/sasl.h

FINAL RESULTS:

data/atheme-services-7.2.9/contrib/anope_convert.c:147:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(passwdbuf, "$%s$", encmod);
data/atheme-services-7.2.9/contrib/anope_convert.c:191:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						nc->access[ii]);
data/atheme-services-7.2.9/contrib/anope_convert.c:299:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
				if (!ci->access[j].in_use)
data/atheme-services-7.2.9/contrib/anope_convert.c:302:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
				if (ci->access[j].nc == ci->founder)
data/atheme-services-7.2.9/contrib/anope_convert.c:308:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
				switch (ci->access[j].level)
data/atheme-services-7.2.9/contrib/anope_convert.c:317:22:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
							ci->name, ci->access[j].nc->display, ci->access[j].level);
data/atheme-services-7.2.9/contrib/anope_convert.c:317:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
							ci->name, ci->access[j].nc->display, ci->access[j].level);
data/atheme-services-7.2.9/contrib/anope_convert.c:324:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						ci->access[j].nc->display, flags);
data/atheme-services-7.2.9/include/commandtree.h:17:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	const char *access;
data/atheme-services-7.2.9/include/crypto.h:18:16:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	const char *(*crypt)(const char *key, const char *salt);
data/atheme-services-7.2.9/include/servtree.h:28:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	mowgli_patricia_t *access;
data/atheme-services-7.2.9/include/servtree.h:60:80:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
E const char *service_set_access(service_t *sptr, const char *cmd, const char *access);
data/atheme-services-7.2.9/libathemecore/account.c:496:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/libathemecore/account.c:906:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(copy + 11, md->value);
data/atheme-services-7.2.9/libathemecore/atheme.c:458:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execv(BINDIR "/atheme-services", argv);
data/atheme-services-7.2.9/libathemecore/auth.c:71:35:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
					mowgli_strlcpy(mu->pass, ci->crypt(password, ci->salt()), PASSLEN);
data/atheme-services-7.2.9/libathemecore/auth.c:79:42:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				mowgli_strlcpy(mu->pass, ci_default->crypt(password, ci_default->salt()), PASSLEN);
data/atheme-services-7.2.9/libathemecore/commandtree.c:56:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(has_priv(si, c->access) && has_priv(si, userlevel)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:94:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (si->smu == NULL && c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED))
data/atheme-services-7.2.9/libathemecore/commandtree.c:94:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (si->smu == NULL && c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED))
data/atheme-services-7.2.9/libathemecore/commandtree.c:101:50:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	cmdaccess = service_set_access(svs, c->name, c->access);
data/atheme-services-7.2.9/libathemecore/commandtree.c:120:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (c->access && (!cmdaccess || strcmp(c->access, cmdaccess)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:120:45:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (c->access && (!cmdaccess || strcmp(c->access, cmdaccess)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:122:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			mowgli_strlcat(accessbuf, c->access, BUFSIZE);
data/atheme-services-7.2.9/libathemecore/commandtree.c:189:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL))
data/atheme-services-7.2.9/libathemecore/commandtree.c:189:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL))
data/atheme-services-7.2.9/libathemecore/commandtree.c:189:71:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL))
data/atheme-services-7.2.9/libathemecore/commandtree.c:247:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:247:76:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:247:109:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:266:62:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:266:77:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/commandtree.c:266:110:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!string_in_list(maincmds, c->name) && (has_priv(si, c->access) || (c->access != NULL && !strcasecmp(c->access, AC_AUTHENTICATED) && si->smu != NULL)))
data/atheme-services-7.2.9/libathemecore/conf.c:413:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(newprivs, privs);
data/atheme-services-7.2.9/libathemecore/conf.c:415:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(newprivs, ce->vardata);
data/atheme-services-7.2.9/libathemecore/conf.c:441:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(newprivs, privs);
data/atheme-services-7.2.9/libathemecore/conf.c:443:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(newprivs, conf_p->varname);
data/atheme-services-7.2.9/libathemecore/conf.c:469:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(newprivs, privs);
data/atheme-services-7.2.9/libathemecore/conf.c:471:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(newprivs, parent->privs);
data/atheme-services-7.2.9/libathemecore/confprocess.c:92:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, va);
data/atheme-services-7.2.9/libathemecore/crypto.c:72:25:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	return_val_if_fail(ci->crypt != NULL, &fallback_crypt_impl);
data/atheme-services-7.2.9/libathemecore/crypto.c:87:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	return ci->crypt(key, salt);
data/atheme-services-7.2.9/libathemecore/crypto.c:133:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cstr = ci->crypt(uinput, pass);
data/atheme-services-7.2.9/libathemecore/crypto.c:139:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	cstr = fallback_crypt_impl.crypt(uinput, pass);
data/atheme-services-7.2.9/libathemecore/database_backend.c:286:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, va);
data/atheme-services-7.2.9/libathemecore/function.c:729:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl(me.mta, me.mta, "-t", "-f", me.register_email, NULL);
data/atheme-services-7.2.9/libathemecore/logger.c:569:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/logger.c:662:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(lbuf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/logger.c:696:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(lbuf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/logger.c:748:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(lbuf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/logger.c:784:51:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		 get_source_security_label(si), cmd->name, cmd->access, userlevel != NULL ? userlevel : "");
data/atheme-services-7.2.9/libathemecore/logger.c:786:51:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		 get_source_security_label(si), cmd->name, cmd->access, userlevel != NULL ? userlevel : "");
data/atheme-services-7.2.9/libathemecore/memory.c:72:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(t, s);
data/atheme-services-7.2.9/libathemecore/phandler.c:122:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(buf, sizeof buf, fmt, ap) < 0)
data/atheme-services-7.2.9/libathemecore/phandler.c:172:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(buf, sizeof buf, fmt, va) < 0)
data/atheme-services-7.2.9/libathemecore/res.c:279:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(hname + len, irc_domain);
data/atheme-services-7.2.9/libathemecore/res.c:452:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(request->name, host_name);
data/atheme-services-7.2.9/libathemecore/send.c:43:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, 511, fmt, ap); /* leave two bytes for \r\n */
data/atheme-services-7.2.9/libathemecore/services.c:146:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/libathemecore/services.c:363:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/libathemecore/services.c:707:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:753:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:860:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof buf, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:889:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:932:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:1102:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/services.c:1120:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/libathemecore/servtree.c:239:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (sptr->access)
data/atheme-services-7.2.9/libathemecore/servtree.c:240:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		mowgli_patricia_destroy(sptr->access, free_access_string, NULL);
data/atheme-services-7.2.9/libathemecore/servtree.c:256:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		mowgli_patricia_add(sptr->access, subce->varname,
data/atheme-services-7.2.9/libathemecore/servtree.c:361:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (sptr->access)
data/atheme-services-7.2.9/libathemecore/servtree.c:362:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		mowgli_patricia_destroy(sptr->access, free_access_string, NULL);
data/atheme-services-7.2.9/libathemecore/servtree.c:504:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(str, "%s@%s", name, me.name);
data/atheme-services-7.2.9/libathemecore/servtree.c:544:45:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	newaccess = mowgli_patricia_retrieve(sptr->access, cmd);
data/atheme-services-7.2.9/libathemecore/snprintf.c:202:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef snprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:203:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:205:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#ifdef vsnprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:206:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:270:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf rpl_snprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:271:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf rpl_vsnprintf
data/atheme-services-7.2.9/libathemecore/snprintf.c:1493:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(NULL, 0, format, aq);
data/atheme-services-7.2.9/libathemecore/snprintf.c:1497:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	return vsnprintf(*ret, size, format, ap);
data/atheme-services-7.2.9/libathemecore/snprintf.c:1522:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(str, size, format, ap);
data/atheme-services-7.2.9/libathemecore/snprintf.c:2052:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			r1 = sprintf(buf1, fmt[i], val[j]);                    \
data/atheme-services-7.2.9/libathemecore/snprintf.c:2053:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			r2 = snprintf(buf2, sizeof(buf2), fmt[i], val[j]);     \
data/atheme-services-7.2.9/libathemecore/strshare.c:52:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *)(ss + 1), str);
data/atheme-services-7.2.9/libathemecore/table.c:88:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(buf, sizeof buf, fmt, vl) < 0)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/logger.c:62:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, MOWGLI_LOG_BUF_SIZE - len, fmt, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/logger.c:80:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, 4095 - len, fmt, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.c:193:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(buf, sizeof buf, fmt, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/process.c:39:2:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execv(execv_req->path, execv_req->argv);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:493:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(hname + len, state->domain);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslist_win32.c:67:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		ret += sprintf(ret, "%s,", fixedinfo->DnsServerList.IpAddress.String);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslist_win32.c:76:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			ret += sprintf(ret, "%s,", ip_addr->IpAddress.String);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/confparse.c:65:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buffer, sizeof buffer, format, ap);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/error_backtrace.c:87:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, 65535, msg, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.c:68:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:800:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(parse->error, ERRBUFSIZE, fmt, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:233:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(ps_buffer, ps_buffer_size, fmt, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:291:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "mowgli_ident(%d): %s", getpid(), ps_buffer);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:245:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(buf, linebuf->writebuf.maxbuflen - 1, format, va);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/attributes.h:38:62:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define MOWGLI_PRINTF(proto, n) proto __attribute__((format(printf, n, n + 1)))
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/win32_stdinc.h:36:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/win32_stdinc.h:36:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/atheme-services-7.2.9/modules/auth/ldap.c:147:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(dn, sizeof dn, ldap_config.dnformat, entity(mu)->name);
data/atheme-services-7.2.9/modules/auth/ldap.c:193:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(what, "%s=%s", ldap_config.attribute, entity(mu)->name);
data/atheme-services-7.2.9/modules/botserv/main.c:86:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(buf, sizeof buf, fmt, ap) < 0)
data/atheme-services-7.2.9/modules/botserv/main.c:120:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(buf, sizeof buf, fmt, ap) < 0)
data/atheme-services-7.2.9/modules/chanserv/chanserv.h:39:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(act->nick, nick);
data/atheme-services-7.2.9/modules/chanserv/moderate.c:135:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, memo, va);
data/atheme-services-7.2.9/modules/chanserv/moderate.c:162:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, memo, va);
data/atheme-services-7.2.9/modules/contrib/gs_roulette.c:47:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/modules/contrib/on_db_save.c:126:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl("/bin/sh", "sh",  "-c", command, NULL);
data/atheme-services-7.2.9/modules/contrib/os_testproc.c:118:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl("/bin/sh", "sh", "-c", "echo hi; sleep 1; echo hi 2; sleep 0.5; echo hi 3; sleep 4; echo hi 4", (char *)NULL);
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:64:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	(void) snprintf(result, sizeof result, PBKDF2_F_SALT,
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:86:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(crypt_str, PBKDF2_F_SCAN, &prf, &iter, salt) < 3)
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:121:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	(void) snprintf(result, sizeof result, PBKDF2_F_PRINT,
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:132:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(user_pass_string, PBKDF2_F_SCAN, &prf, &iter, salt) < 3)
data/atheme-services-7.2.9/modules/crypto/posix.c:26:11:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	result = crypt(key, salt);
data/atheme-services-7.2.9/modules/crypto/posix.c:35:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		result = crypt(key, salt2);
data/atheme-services-7.2.9/modules/crypto/posix.c:195:27:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
#warning could not find a crypt impl, sorry (this is stubbed)
data/atheme-services-7.2.9/modules/crypto/rawmd5.c:32:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(output, RAWMD5_PREFIX);
data/atheme-services-7.2.9/modules/crypto/rawsha1.c:36:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(output, RAWSHA1_PREFIX);
data/atheme-services-7.2.9/modules/gameserv/dice.c:145:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(&buffer[150], "...%s = %.8g", &s_input[strlen(s_input) - 10], expr);
data/atheme-services-7.2.9/modules/gameserv/dice.c:149:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buffer, "%s = %.8g", s_input, expr);
data/atheme-services-7.2.9/modules/gameserv/gameserv_common.h:22:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/modules/gameserv/gameserv_common.h:111:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, notification, va);
data/atheme-services-7.2.9/modules/groupserv/main/hooks.c:157:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(priv, sizeof(priv), PRIV_IMPERSONATE_ENTITY_FMT, entity(ga->mg)->name);
data/atheme-services-7.2.9/modules/misc/canon_gmail.c:49:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(email, buf);
data/atheme-services-7.2.9/modules/operserv/compare.c:87:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat((char *)buf, tmpbuf);
data/atheme-services-7.2.9/modules/operserv/compare.c:148:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat((char *)buf, tmpbuf);
data/atheme-services-7.2.9/modules/operserv/rakill.c:94:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(usermask, "%s!%s@%s %s", source->nick, source->user, source->host, source->gecos);
data/atheme-services-7.2.9/modules/operserv/rakill.c:107:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(usermask, "%s!%s@%s %s", u->nick, u->user, u->host, u->gecos);
data/atheme-services-7.2.9/modules/operserv/rmatch.c:89:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(usermask, "%s!%s@%s %s", u->nick, u->user, u->host, u->gecos);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:224:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:285:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:425:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:458:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ircnet.c:156:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ircnet.c:217:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ngircd.c:161:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ngircd.c:218:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:114:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:180:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:171:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:248:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/unreal.c:402:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/unreal.c:459:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:405:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:462:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, BUFSIZE, fmt, ap);
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:55:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(authz, message);
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:64:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(authc, message);
data/atheme-services-7.2.9/modules/saslserv/main.c:395:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ptr, mptr->name);
data/atheme-services-7.2.9/modules/saslserv/main.c:551:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(lbuf, BUFSIZE, fmt, args);
data/atheme-services-7.2.9/modules/saslserv/main.c:574:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(priv, sizeof(priv), PRIV_IMPERSONATE_CLASS_FMT, classname);
data/atheme-services-7.2.9/modules/saslserv/main.c:580:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(priv, sizeof(priv), PRIV_IMPERSONATE_ENTITY_FMT, entity(target_mu)->name);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:313:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, newmessage);
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:193:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, newmessage);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:348:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s2, header);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:426:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s2, header);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:482:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s2, header);
data/atheme-services-7.2.9/libathemecore/atheme.c:210:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(arc4random());
data/atheme-services-7.2.9/libathemecore/res.c:542:31:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			header->id = (header->id + lrand48()) & 0xffff;
data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c:192:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "n:a:w:te")) != -1)
data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest2/patriciatest2.c:98:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(12346);
data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest2/patriciatest2.c:103:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			buf[j] = 'a' + random() % 26;
data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest2/patriciatest2.c:105:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		buf[20 + random() % 20] = '\0';
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslist_win32.c:42:17:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	if (!(handle = LoadLibrary("iphlpapi.dll")))
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/helper.c:172:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	env_io_fd = getenv("IO_FD");
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.c:48:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define IS_POSIXLY_CORRECT (getenv("POSIXLY_CORRECT") != NULL)
data/atheme-services-7.2.9/src/footprint/main.c:19:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/atheme-services-7.2.9/contrib/anope_convert.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char decr_pass[PASSMAX * 3 + 1];
data/atheme-services-7.2.9/contrib/anope_convert.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char passwdbuf[PASSMAX * 3 + 1];
data/atheme-services-7.2.9/contrib/anope_convert.c:122:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(passwdbuf, "$ircservices$");
data/atheme-services-7.2.9/contrib/anope_convert.c:127:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(passwdbuf + 13 + 2 * ii, "%02x",
data/atheme-services-7.2.9/contrib/anope_convert.c:132:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(passwdbuf, "$rawmd5$");
data/atheme-services-7.2.9/contrib/anope_convert.c:134:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(passwdbuf + 8 + 2 * ii, "%02x",
data/atheme-services-7.2.9/contrib/anope_convert.c:139:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(passwdbuf, "$rawsha1$");
data/atheme-services-7.2.9/contrib/anope_convert.c:141:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(passwdbuf + 9 + 2 * ii, "%02x",
data/atheme-services-7.2.9/contrib/anope_convert.c:150:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(passwd + 2 * ii, "%02x",
data/atheme-services-7.2.9/contrib/anope_convert.c:436:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(WHERE_TO "services.db", "w");
data/atheme-services-7.2.9/include/account.h:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pass[PASSLEN];
data/atheme-services-7.2.9/include/account.h:130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nick[NICKLEN];
data/atheme-services-7.2.9/include/account.h:145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[NICKLEN];
data/atheme-services-7.2.9/include/account.h:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	 sender[NICKLEN];
data/atheme-services-7.2.9/include/account.h:275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 	 text[MEMOLEN];
data/atheme-services-7.2.9/include/connection.h:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[HOSTLEN];
data/atheme-services-7.2.9/include/connection.h:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hbuf[BUFSIZE + 1];
data/atheme-services-7.2.9/include/entity.h:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[IDLEN];
data/atheme-services-7.2.9/include/httpd.h:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char method[64];
data/atheme-services-7.2.9/include/httpd.h:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[256];
data/atheme-services-7.2.9/include/module.h:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[BUFSIZE];
data/atheme-services-7.2.9/include/module.h:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modpath[BUFSIZE];
data/atheme-services-7.2.9/include/reslib.h:123:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char irc_domain[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/include/sasl.h:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[60];
data/atheme-services-7.2.9/include/taint.h:12:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char condition[BUFSIZE];
data/atheme-services-7.2.9/include/taint.h:13:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[BUFSIZE];
data/atheme-services-7.2.9/include/taint.h:15:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/include/tools.h:120:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef void (*email_canonicalizer_t)(char email[EMAILLEN + 1], void *user_data);
data/atheme-services-7.2.9/include/tools.h:136:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
E void canonicalize_email_case(char email[EMAILLEN + 1], void *user_data);
data/atheme-services-7.2.9/include/tools.h:178:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
E void decode_p10_ip(const char *b64, char ipstring[HOSTIPLEN]);
data/atheme-services-7.2.9/include/tools.h:178:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
E void decode_p10_ip(const char *b64, char ipstring[HOSTIPLEN]);
data/atheme-services-7.2.9/libathemecore/account.c:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nicks[200];
data/atheme-services-7.2.9/libathemecore/account.c:360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nb[NICKLEN];
data/atheme-services-7.2.9/libathemecore/account.c:484:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/account.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/account.c:524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/account.c:525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf3[USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/account.c:526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf4[USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/account.c:905:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(copy, "(restored) ", 11);
data/atheme-services-7.2.9/libathemecore/account.c:1064:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char names[512];
data/atheme-services-7.2.9/libathemecore/account.c:1196:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/account.c:1197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char params[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/account.c:1308:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char mlock[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/arc4random.c:67:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char rs_buf[RSBUFSZ];	/* keystream blocks */
data/atheme-services-7.2.9/libathemecore/arc4random.c:92:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
data/atheme-services-7.2.9/libathemecore/arc4random.c:111:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rnd[KEYSZ + IVSZ];
data/atheme-services-7.2.9/libathemecore/arc4random.c:179:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
data/atheme-services-7.2.9/libathemecore/arc4random.c:196:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
data/atheme-services-7.2.9/libathemecore/atheme.c:141:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (open("/dev/null", O_RDWR) != 0)
data/atheme-services-7.2.9/libathemecore/atheme.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/libathemecore/atheme.c:331:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((pid_file = fopen(pidfilename, "r")))
data/atheme-services-7.2.9/libathemecore/atheme.c:335:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pid = atoi(buf);
data/atheme-services-7.2.9/libathemecore/atheme.c:390:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((pid_file = fopen(pidfilename, "w")))
data/atheme-services-7.2.9/libathemecore/base64.c:115:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char input[3];
data/atheme-services-7.2.9/libathemecore/base64.c:116:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char output[4];
data/atheme-services-7.2.9/libathemecore/chacha_private.h:51:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char sigma[16] = "expand 32-byte k";
data/atheme-services-7.2.9/libathemecore/chacha_private.h:52:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/atheme-services-7.2.9/libathemecore/cidr.c:51:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		if (mask % 8 == 0 || (((unsigned char *) addr)[n] & m) == (((unsigned char *) dest)[n] & m))
data/atheme-services-7.2.9/libathemecore/cidr.c:51:73:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		if (mask % 8 == 0 || (((unsigned char *) addr)[n] & m) == (((unsigned char *) dest)[n] & m))
data/atheme-services-7.2.9/libathemecore/cidr.c:96:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[INADDRSZ], *tp;
data/atheme-services-7.2.9/libathemecore/cidr.c:130:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, tmp, INADDRSZ);
data/atheme-services-7.2.9/libathemecore/cidr.c:151:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/atheme-services-7.2.9/libathemecore/cidr.c:240:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, tmp, IN6ADDRSZ);
data/atheme-services-7.2.9/libathemecore/cidr.c:253:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
data/atheme-services-7.2.9/libathemecore/cidr.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipmask[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/cidr.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ip[HOSTLEN + 1];
data/atheme-services-7.2.9/libathemecore/cidr.c:271:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cidrlen = atoi(len);
data/atheme-services-7.2.9/libathemecore/cidr.c:308:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
data/atheme-services-7.2.9/libathemecore/cidr.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mask[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/cidr.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char address[NICKLEN + USERLEN + HOSTLEN + 6];
data/atheme-services-7.2.9/libathemecore/cidr.c:339:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cidrlen = atoi(len);
data/atheme-services-7.2.9/libathemecore/cidr.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipaddr[HOSTLEN + 6];
data/atheme-services-7.2.9/libathemecore/cidr.c:372:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[IN6ADDRSZ];
data/atheme-services-7.2.9/libathemecore/cmode.c:29:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[32];
data/atheme-services-7.2.9/libathemecore/cmode.c:206:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				newlimit = atoi(parv[parpos]);
data/atheme-services-7.2.9/libathemecore/cmode.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parv[255];
data/atheme-services-7.2.9/libathemecore/cmode.c:393:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[HOSTLEN]; /* name */
data/atheme-services-7.2.9/libathemecore/cmode.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extmodes[256][512];
data/atheme-services-7.2.9/libathemecore/cmode.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pmodes[2*MAXMODES+2];
data/atheme-services-7.2.9/libathemecore/cmode.c:401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char params[512]; /* includes leading space */
data/atheme-services-7.2.9/libathemecore/cmode.c:475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/libathemecore/cmode.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[3];
data/atheme-services-7.2.9/libathemecore/cmode.c:803:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char fullmode[512];
data/atheme-services-7.2.9/libathemecore/cmode.c:804:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char params[512];
data/atheme-services-7.2.9/libathemecore/cmode.c:863:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str2[512];
data/atheme-services-7.2.9/libathemecore/commandtree.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char accessbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/commandtree.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parv[20];
data/atheme-services-7.2.9/libathemecore/commandtree.c:234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256], *p;
data/atheme-services-7.2.9/libathemecore/conf.c:122:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char opts[53];
data/atheme-services-7.2.9/libathemecore/conf.c:264:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pathbuf[4096];
data/atheme-services-7.2.9/libathemecore/conf.c:928:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/confprocess.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/confprocess.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/atheme-services-7.2.9/libathemecore/connection.c:383:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/connection.c:505:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/connection.c:594:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/connection.c:671:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[160];
data/atheme-services-7.2.9/libathemecore/connection.c:672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[20];
data/atheme-services-7.2.9/libathemecore/crypto.c:36:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ctcp-common.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ver[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/culture.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/culture.c:267:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char names[512];
data/atheme-services-7.2.9/libathemecore/database_backend.c:283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/datastream.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[SENDQSIZE];
data/atheme-services-7.2.9/libathemecore/datastream.c:80:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sq->buf + sq->firstfree, buf + pos, l);
data/atheme-services-7.2.9/libathemecore/datastream.c:94:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sq->buf + sq->firstfree, buf + pos, l);
data/atheme-services-7.2.9/libathemecore/datastream.c:293:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, sq->buf + sq->firstused, l);
data/atheme-services-7.2.9/libathemecore/datastream.c:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, sq->buf + sq->firstused, l);
data/atheme-services-7.2.9/libathemecore/entity.c:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char last_entity_uid[IDLEN];
data/atheme-services-7.2.9/libathemecore/flags.c:32:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char flags_buf[128];
data/atheme-services-7.2.9/libathemecore/flags.c:408:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/flags.c:431:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[257];
data/atheme-services-7.2.9/libathemecore/function.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/atheme-services-7.2.9/libathemecore/function.c:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, new, newlen);
data/atheme-services-7.2.9/libathemecore/function.c:137:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret[32];
data/atheme-services-7.2.9/libathemecore/function.c:145:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret[128];
data/atheme-services-7.2.9/libathemecore/function.c:197:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/function.c:353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[EMAILLEN + 1];
data/atheme-services-7.2.9/libathemecore/function.c:370:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void canonicalize_email_case(char email[EMAILLEN + 1], void *user_data)
data/atheme-services-7.2.9/libathemecore/function.c:456:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char mask_buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/function.c:632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[BUFSIZE], to[BUFSIZE], from[BUFSIZE], buf[BUFSIZE], pathbuf[BUFSIZE], sourceinfo[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/function.c:689:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((in = fopen(pathbuf, "r")) == NULL)
data/atheme-services-7.2.9/libathemecore/function.c:808:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/function.c:866:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/help.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/libathemecore/help.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char word[80];
data/atheme-services-7.2.9/libathemecore/help.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subname[BUFSIZE], buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/help.c:133:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				help_file = fopen(c->help.path, "r");
data/atheme-services-7.2.9/libathemecore/help.c:138:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(subname, "userserv", 8);
data/atheme-services-7.2.9/libathemecore/help.c:148:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					help_file = fopen(buf, "r");
data/atheme-services-7.2.9/libathemecore/help.c:153:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					help_file = fopen(buf, "r");
data/atheme-services-7.2.9/libathemecore/logger.c:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char outbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datetime[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char targetbuf[NICKLEN];
data/atheme-services-7.2.9/libathemecore/logger.c:368:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((lf->log_file = fopen(path, "a")) == NULL)
data/atheme-services-7.2.9/libathemecore/logger.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:561:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datetime[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:659:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/logger.c:692:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountbuf[NICKLEN * 5]; /* entity name len is NICKLEN * 4, plus another for the ID */
data/atheme-services-7.2.9/libathemecore/logger.c:745:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/match.c:606:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char errmsg[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/md5.c:273:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf + offset, p, copy);
data/atheme-services-7.2.9/libathemecore/md5.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf, p, left);
data/atheme-services-7.2.9/libathemecore/module.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pathbuf[BUFSIZE], errbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/module.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linker_errbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/module.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module_filename[4096];
data/atheme-services-7.2.9/libathemecore/module.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module_filename[4096];
data/atheme-services-7.2.9/libathemecore/node.c:145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char treason[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/packet.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parsebuf[BUFSIZE + 1];
data/atheme-services-7.2.9/libathemecore/phandler.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/phandler.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/phandler.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/phandler.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cloakbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf2[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/phandler.c:335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/libathemecore/ptasks.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ver[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fl[10];
data/atheme-services-7.2.9/libathemecore/ptasks.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nebuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cebuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:408:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ubuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/ptasks.c:417:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(SYSCONFDIR "/atheme.motd", "r");
data/atheme-services-7.2.9/libathemecore/ptasks.c:474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *vec[3];
data/atheme-services-7.2.9/libathemecore/ptasks.c:529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *vec[3];
data/atheme-services-7.2.9/libathemecore/ptasks.c:532:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name2[NICKLEN];
data/atheme-services-7.2.9/libathemecore/ptasks.c:683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newsetter[HOSTLEN], *p;
data/atheme-services-7.2.9/libathemecore/ptasks.c:735:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char qreason[512];
data/atheme-services-7.2.9/libathemecore/qrcode.c:40:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, prologue, prologuelen);
data/atheme-services-7.2.9/libathemecore/qrcode.c:53:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, prologue, prologuelen);
data/atheme-services-7.2.9/libathemecore/qrcode.c:78:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, prologue, prologuelen);
data/atheme-services-7.2.9/libathemecore/res.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char queryname[IRCD_RES_HOSTLEN + 1]; /* name currently being queried */
data/atheme-services-7.2.9/libathemecore/res.c:443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host_name[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/libathemecore/res.c:471:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&request->addr, addr, sizeof(sockaddr_any_t));
data/atheme-services-7.2.9/libathemecore/res.c:480:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(request->queryname, "%u.%u.%u.%u.in-addr.arpa", (unsigned int)(cp[3]),
data/atheme-services-7.2.9/libathemecore/res.c:489:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void)sprintf(request->queryname, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
data/atheme-services-7.2.9/libathemecore/res.c:519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAXPACKET];
data/atheme-services-7.2.9/libathemecore/res.c:586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[IRCD_RES_HOSTLEN + 1];	/* working buffer */
data/atheme-services-7.2.9/libathemecore/res.c:607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[IRCD_RES_HOSTLEN + 100];	/* working buffer */
data/atheme-services-7.2.9/libathemecore/res.c:691:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			  memcpy(&v4->sin_addr, current, sizeof(struct in_addr));
data/atheme-services-7.2.9/libathemecore/res.c:702:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			  memcpy(&v6->sin6_addr, current, sizeof(struct in6_addr));
data/atheme-services-7.2.9/libathemecore/res.c:744:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[sizeof(RESHEADER) + MAXPACKET]
data/atheme-services-7.2.9/libathemecore/res.c:893:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ipaddr[128];
data/atheme-services-7.2.9/libathemecore/reslib.c:100:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char irc_domain[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/libathemecore/reslib.c:102:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char digitvalue[256] = {
data/atheme-services-7.2.9/libathemecore/reslib.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char input[DNS_MAXLINE];
data/atheme-services-7.2.9/libathemecore/reslib.c:172:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((file = fopen("/etc/resolv.conf", "r")) == NULL)
data/atheme-services-7.2.9/libathemecore/reslib.c:252:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&irc_nsaddr_list[irc_nscount], res->ai_addr, res->ai_addrlen);
data/atheme-services-7.2.9/libathemecore/reslib.c:288:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[NS_MAXCDNAME];
data/atheme-services-7.2.9/libathemecore/reslib.c:338:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dstp, srcp, l);
data/atheme-services-7.2.9/libathemecore/reslib.c:673:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        dn += sprintf(dn, "\\[x");
data/atheme-services-7.2.9/libathemecore/reslib.c:675:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                dn += sprintf(dn, "%02x", *cp & 0xff);
data/atheme-services-7.2.9/libathemecore/reslib.c:678:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                dn += sprintf(dn, "%02x", tc & (0xff << (8 - b)));
data/atheme-services-7.2.9/libathemecore/reslib.c:681:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               dn += sprintf(dn, "%1x",
data/atheme-services-7.2.9/libathemecore/reslib.c:684:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        dn += sprintf(dn, "/%d]", blen);
data/atheme-services-7.2.9/libathemecore/reslib.c:925:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstp, srcp, n + 1);
data/atheme-services-7.2.9/libathemecore/reslib.c:944:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[NS_MAXCDNAME];
data/atheme-services-7.2.9/libathemecore/reslib.c:1154:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char *dnptrs[20], **dpp, **lastdnptr;
data/atheme-services-7.2.9/libathemecore/send.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[513];
data/atheme-services-7.2.9/libathemecore/services.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mask[MAX_BUF];
data/atheme-services-7.2.9/libathemecore/services.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char qreason[512];
data/atheme-services-7.2.9/libathemecore/services.c:205:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ts = atol(md->value);
data/atheme-services-7.2.9/libathemecore/services.c:357:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:626:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lau[BUFSIZE], lao[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:657:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((md_failnum = metadata_find(mu, "private:loginfail:failnum")) && (atoi(md_failnum->value) > 0))
data/atheme-services-7.2.9/libathemecore/services.c:663:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(md_failnum->value), (atoi(md_failnum->value) == 1) ? "login" : "logins");
data/atheme-services-7.2.9/libathemecore/services.c:663:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(md_failnum->value), (atoi(md_failnum->value) == 1) ? "login" : "logins");
data/atheme-services-7.2.9/libathemecore/services.c:667:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ts = atol(md_failtime->value);
data/atheme-services-7.2.9/libathemecore/services.c:702:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:788:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numeric[21], strfbuf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:804:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	count = md_failnum ? atoi(md_failnum->value) : 0;
data/atheme-services-7.2.9/libathemecore/services.c:857:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:929:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:967:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[NICKLEN+NICKLEN+10];
data/atheme-services-7.2.9/libathemecore/services.c:992:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[NICKLEN+USERLEN+HOSTLEN+10];
data/atheme-services-7.2.9/libathemecore/services.c:1014:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[NICKLEN+USERLEN+HOSTLEN+NICKLEN+10];
data/atheme-services-7.2.9/libathemecore/services.c:1043:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[NICKLEN+USERLEN+HOSTLEN+NICKLEN+10];
data/atheme-services-7.2.9/libathemecore/services.c:1065:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[NICKLEN+USERLEN+HOSTLEN+NICKLEN+HOSTLEN+10];
data/atheme-services-7.2.9/libathemecore/services.c:1096:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/services.c:1114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/servtree.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orig[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/servtree.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newnick[NICKLEN + 1];
data/atheme-services-7.2.9/libathemecore/servtree.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newnick[NICKLEN];
data/atheme-services-7.2.9/libathemecore/servtree.c:380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char internal_name[NICKLEN + 10];
data/atheme-services-7.2.9/libathemecore/servtree.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[256];
data/atheme-services-7.2.9/libathemecore/snprintf.c:967:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iconvert[MAX_CONVERT_LENGTH];
data/atheme-services-7.2.9/libathemecore/snprintf.c:1072:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iconvert[MAX_CONVERT_LENGTH];
data/atheme-services-7.2.9/libathemecore/snprintf.c:1073:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fconvert[MAX_CONVERT_LENGTH];
data/atheme-services-7.2.9/libathemecore/snprintf.c:1074:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char econvert[4];	/* "e-12" (without nul-termination). */
data/atheme-services-7.2.9/libathemecore/snprintf.c:2029:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[1024], buf2[1024];
data/atheme-services-7.2.9/libathemecore/snprintf.c:2084:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void)sprintf(buf1, "%.1f", value);
data/atheme-services-7.2.9/libathemecore/svsignore.c:82:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char host[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/table.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/libathemecore/table.c:227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf2[1024];
data/atheme-services-7.2.9/libathemecore/table.c:264:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf2[1024];
data/atheme-services-7.2.9/libathemecore/template.c:95:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[300];
data/atheme-services-7.2.9/libathemecore/ubase64.c:30:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char ub64_alphabet[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789[]";
data/atheme-services-7.2.9/libathemecore/ubase64.c:32:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char ub64_lookuptab[256] = {
data/atheme-services-7.2.9/libathemecore/ubase64.c:75:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void decode_p10_ip(const char *b64, char ipstring[HOSTIPLEN])
data/atheme-services-7.2.9/libathemecore/ubase64.c:75:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void decode_p10_ip(const char *b64, char ipstring[HOSTIPLEN])
data/atheme-services-7.2.9/libathemecore/ubase64.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4];
data/atheme-services-7.2.9/libathemecore/ubase64.c:116:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				j += sprintf(ipstring + j, "%x", (uint16_t)base64touint(buf));
data/atheme-services-7.2.9/libathemecore/users.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldnick[NICKLEN];
data/atheme-services-7.2.9/libathemecore/users.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldnick[NICKLEN];
data/atheme-services-7.2.9/libathemecore/users.c:626:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[34];
data/atheme-services-7.2.9/libmowgli-2/src/examples/async_resolver/async_resolver.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/atheme-services-7.2.9/libmowgli-2/src/examples/async_resolver/async_resolver.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/atheme-services-7.2.9/libmowgli-2/src/examples/echoserver/echoserver.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/atheme-services-7.2.9/libmowgli-2/src/examples/formattertest/formattertest.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[65535];
data/atheme-services-7.2.9/libmowgli-2/src/examples/helpertest/helpertest.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16384];
data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c:197:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			num_pipes = atoi(optarg);
data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c:200:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			num_active = atoi(optarg);
data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c:203:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			num_writes = atoi(optarg);
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[512];
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[512];
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:130:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[512];
data/atheme-services-7.2.9/libmowgli-2/src/examples/patriciatest2/patriciatest2.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[100], *strings[TESTSIZE];
data/atheme-services-7.2.9/libmowgli-2/src/examples/vio-udplistener/vio-udplistener.c:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE] = "";
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/formatter.c:50:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			arg = atoi(fiter);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/formatter.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[65535];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/dictionary.c:897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[256];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/index.c:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_ptr, index->data, oldsize);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/index.c:138:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(target->data + to, source->data + from, sizeof(void *) * count);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/index.c:145:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(target->data + to, source->data + from, sizeof(void *) * count);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.c:629:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ckey_store[256];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.c:1106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[256];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/logger.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char _mowgli_log_buf[MOWGLI_LOG_BUF_SIZE];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.c:77:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(self->str + self->pos, src, n);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16384];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char queryname[MOWGLI_DNS_RES_HOSTLEN + 1];	/* name currently being queried */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char input[MOWGLI_DNS_MAXLINE];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:224:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen(respath, "r")) == NULL)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ns_buf[4096];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:342:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&state->nsaddr_list[state->nscount].addr, res->ai_addr, res->ai_addrlen);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:664:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host_name[MOWGLI_DNS_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:692:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&request->addr, addr, size);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:701:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(request->queryname, "%u.%u.%u.%u.in-addr.arpa", (unsigned int) (cp[3]),
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:712:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(rqptr, "%1x.%1x.",
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:716:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(rqptr, "ip6.arpa");
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:734:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MOWGLI_DNS_MAXPACKET];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:793:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[MOWGLI_DNS_RES_HOSTLEN + 1];	/* working buffer */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:819:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[MOWGLI_DNS_RES_HOSTLEN + 100];	/* working buffer */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:888:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&v4->sin_addr, current, sizeof(struct in_addr));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:904:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&v6->sin6_addr, current, sizeof(struct in6_addr));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:948:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[sizeof(mowgli_dns_resheader_t) + MOWGLI_DNS_MAXPACKET]
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.h:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[MOWGLI_DNS_RES_HOSTLEN];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:81:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char digitvalue[256] =
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:145:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[MOWGLI_DNS_NS_MAXCDNAME];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:206:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dstp, srcp, l);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:590:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	dn += sprintf(dn, "\\[x");
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:593:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		dn += sprintf(dn, "%02x", *cp & 0xff);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:598:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		dn += sprintf(dn, "%02x", tc & (0xff << (8 - b)));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:603:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		dn += sprintf(dn, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:606:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	dn += sprintf(dn, "/%d]", blen);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:921:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dstp, srcp, n + 1);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:943:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[MOWGLI_DNS_NS_MAXCDNAME];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslib.c:1185:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char *dnptrs[20], **dpp, **lastdnptr;
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/helper.c:52:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	x = open("/dev/null", O_RDWR);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/helper.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/helper.c:184:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	helper->fd = atoi(env_io_fd);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/confparse.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[1024];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/confparse.c:458:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(filename, "rb");
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/error_backtrace.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[65535];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:292:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char error[ERRBUFSIZE];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:644:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char ll_table[SYM_COUNT][SYM_COUNT] =
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:1045:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ubuf[5];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:1084:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(ubuf, s, 4);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:1408:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:1415:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(path, "r");
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:100:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ps_buffer[PS_BUFFER_SIZE];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char procbuf[16];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[PS_BUFFER_SIZE + 32];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/program_opts.c:43:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*(int *) userdata = atoi(arg);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/program_opts.c:101:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpbuf[buffer->maxbuflen];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:134:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmpbuf, buffer->buffer, buffer->maxbuflen);	/* Copy into tmp buffer */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:142:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffer->buffer, tmpbuf, buffer->maxbuflen);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[linebuf->writebuf.maxbuflen];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:269:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) ptr, data, len);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:270:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *) (ptr + len), linebuf->endl, linebuf->endl_len);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/inet.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src_copy[INET6_ADDRSTRLEN + 1];
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/inet.c:65:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(((struct sockaddr_in *) &ss)->sin_addr), (struct in_addr *) addr, sizeof(struct in_addr));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/platform/win32/inet.c:69:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(((struct sockaddr_in6 *) &ss)->sin6_addr), (struct in6_addr *) addr, sizeof(struct in6_addr));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char string[128];	/* Friendly name for error */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.h:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[INET6_ADDRSTRLEN];	/* max length of IPv6 address */
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:84:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&connection->settings, settings, sizeof(mowgli_vio_ssl_settings_t));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:91:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(openssl_ops, &mowgli_vio_default_ops, sizeof(mowgli_vio_ops_t));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:165:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&vio->addr.addr, &addr->addr, addr->addrlen);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c:66:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&vio->addr.addr, &addr->addr, sizeof(struct sockaddr_storage));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c:164:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&vio->addr.addr, &addr->addr, sizeof(struct sockaddr_storage));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c:425:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&naddr->addr, &saddr, sizeof(struct sockaddr_in));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c:439:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&naddr->addr, &saddr, sizeof(struct sockaddr_in6));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_sockets.c:461:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&naddr->addr, saddr, size);
data/atheme-services-7.2.9/modules/alis/main.c:149:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if((arg = parv[i++]) == NULL || (query->min = atoi(arg)) < 1)
data/atheme-services-7.2.9/modules/alis/main.c:157:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if((arg = parv[i++]) == NULL || (query->max = atoi(arg)) < 1)
data/atheme-services-7.2.9/modules/alis/main.c:165:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if((arg = parv[i++]) == NULL || (query->maxmatches = atoi(arg)) == 0)
data/atheme-services-7.2.9/modules/alis/main.c:188:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if((arg = parv[i++]) == NULL || (query->skip = atoi(arg)) < 1)
data/atheme-services-7.2.9/modules/alis/main.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char topic[BUFSIZE];
data/atheme-services-7.2.9/modules/auth/ldap.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dn[512];
data/atheme-services-7.2.9/modules/auth/ldap.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char what[512];
data/atheme-services-7.2.9/modules/backend/corestorage.c:600:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/atheme-services-7.2.9/modules/backend/corestorage.c:794:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/atheme-services-7.2.9/modules/backend/corestorage.c:818:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/atheme-services-7.2.9/modules/backend/corestorage.c:850:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/atheme-services-7.2.9/modules/backend/corestorage.c:884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/atheme-services-7.2.9/modules/backend/flatfile.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[BUFSIZE];
data/atheme-services-7.2.9/modules/backend/flatfile.c:44:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(path, "r");
data/atheme-services-7.2.9/modules/backend/flatfile.c:101:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			versn = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:154:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				registered = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:155:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				lastlogin = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:162:46:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mu = myuser_add(muname, mupass, muemail, atol(flagstr));
data/atheme-services-7.2.9/modules/backend/flatfile.c:205:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mtime = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:206:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			status = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:293:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mn->registered = atoi(treg);
data/atheme-services-7.2.9/modules/backend/flatfile.c:294:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mn->lastseen = atoi(tseen);
data/atheme-services-7.2.9/modules/backend/flatfile.c:344:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			soper_add(entity(mu)->name, class, atoi(flagstr) & ~SOPER_CONF, password);
data/atheme-services-7.2.9/modules/backend/flatfile.c:369:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->registered = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:370:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->used = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:371:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->flags = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:373:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->mlock_on = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:374:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->mlock_off = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:375:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mc->mlock_limit = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:512:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						ts = atoi(tsstr);
data/atheme-services-7.2.9/modules/backend/flatfile.c:553:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					unsigned int fl = atol(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:591:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			settime = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:606:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			me.kline_id = atol(id);
data/atheme-services-7.2.9/modules/backend/flatfile.c:618:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:620:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			settime = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:637:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			me.xline_id = atol(id);
data/atheme-services-7.2.9/modules/backend/flatfile.c:647:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:649:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			settime = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:667:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			me.qline_id = atol(id);
data/atheme-services-7.2.9/modules/backend/flatfile.c:677:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:679:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			settime = atol(tmp);
data/atheme-services-7.2.9/modules/backend/flatfile.c:696:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			i = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:700:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			i = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:704:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			i = atoi(strtok(NULL, " "));
data/atheme-services-7.2.9/modules/backend/flatfile.c:709:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if ((i = atoi(s)) != kin)
data/atheme-services-7.2.9/modules/backend/flatfile.c:713:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if ((i = atoi(s)) != xin)
data/atheme-services-7.2.9/modules/backend/flatfile.c:717:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if ((i = atoi(s)) != qin)
data/atheme-services-7.2.9/modules/backend/opensex.c:92:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/backend/opensex.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], *bi;
data/atheme-services-7.2.9/modules/backend/opensex.c:195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/modules/backend/opensex.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/modules/backend/opensex.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/atheme-services-7.2.9/modules/backend/opensex.c:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[BUFSIZE];
data/atheme-services-7.2.9/modules/backend/opensex.c:255:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(path, "r");
data/atheme-services-7.2.9/modules/backend/opensex.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bpath[BUFSIZE], path[BUFSIZE];
data/atheme-services-7.2.9/modules/backend/opensex.c:304:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
data/atheme-services-7.2.9/modules/backend/opensex.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldpath[BUFSIZE], newpath[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/bottalk.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char saybuf[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/bottalk.c:108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char actbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/info.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], strfbuf[BUFSIZE], *end;
data/atheme-services-7.2.9/modules/botserv/main.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/main.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/main.c:315:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orig[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/main.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newargs[BUFSIZE];
data/atheme-services-7.2.9/modules/botserv/main.c:693:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanfix/chanfix.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user[USERLEN];
data/atheme-services-7.2.9/modules/chanfix/chanfix.h:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[HOSTLEN];
data/atheme-services-7.2.9/modules/chanfix/fix.c:439:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanfix/fix.c:461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanfix/fix.c:514:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/chanserv/access.c:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/access.c:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/access.c:235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[400];
data/atheme-services-7.2.9/modules/chanserv/access.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ss[40];
data/atheme-services-7.2.9/modules/chanserv/access.c:302:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char flagname[400];
data/atheme-services-7.2.9/modules/chanserv/access.c:397:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char flagname[400];
data/atheme-services-7.2.9/modules/chanserv/access.c:429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ss[40], newstr[400];
data/atheme-services-7.2.9/modules/chanserv/access.c:641:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/akick.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NICKLEN + USERLEN + HOSTLEN + 4];
data/atheme-services-7.2.9/modules/chanserv/akick.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hostbuf2[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/akick.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expiry[512];
data/atheme-services-7.2.9/modules/chanserv/akick.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *treason, reason[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/akick.c:226:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/chanserv/akick.c:564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expiry[512];
data/atheme-services-7.2.9/modules/chanserv/akick.c:624:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[BUFSIZE], *buf_iter;
data/atheme-services-7.2.9/modules/chanserv/akick.c:632:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				expires_on = (time_t)atol(expiry);
data/atheme-services-7.2.9/modules/chanserv/akick.c:779:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			expireson = atol(md->value);
data/atheme-services-7.2.9/modules/chanserv/antiflood.c:230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/ban.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/ban.c:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hostbuf2[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/clear_users.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullreason[200];
data/atheme-services-7.2.9/modules/chanserv/count.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[512];
data/atheme-services-7.2.9/modules/chanserv/drop.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[512];
data/atheme-services-7.2.9/modules/chanserv/drop.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key0[80], key1[80];
data/atheme-services-7.2.9/modules/chanserv/flags.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ss[40];
data/atheme-services-7.2.9/modules/chanserv/flags.c:73:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char flagname[400];
data/atheme-services-7.2.9/modules/chanserv/flags.c:139:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mod_date[64];
data/atheme-services-7.2.9/modules/chanserv/info.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/info.c:153:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "HOLD");
data/atheme-services-7.2.9/modules/chanserv/info.c:160:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "SECURE");
data/atheme-services-7.2.9/modules/chanserv/info.c:168:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "VERBOSE");
data/atheme-services-7.2.9/modules/chanserv/info.c:175:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "VERBOSE_OPS");
data/atheme-services-7.2.9/modules/chanserv/info.c:183:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "RESTRICTED");
data/atheme-services-7.2.9/modules/chanserv/info.c:191:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "KEEPTOPIC");
data/atheme-services-7.2.9/modules/chanserv/info.c:199:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "TOPICLOCK");
data/atheme-services-7.2.9/modules/chanserv/info.c:207:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "GUARD");
data/atheme-services-7.2.9/modules/chanserv/info.c:215:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "ANTIFLOOD");
data/atheme-services-7.2.9/modules/chanserv/info.c:223:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "FANTASY");
data/atheme-services-7.2.9/modules/chanserv/info.c:231:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NOSYNC");
data/atheme-services-7.2.9/modules/chanserv/info.c:239:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "PRIVATE");
data/atheme-services-7.2.9/modules/chanserv/info.c:247:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "PUBACL");
data/atheme-services-7.2.9/modules/chanserv/info.c:255:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "LIMITFLAGS");
data/atheme-services-7.2.9/modules/chanserv/info.c:279:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/chanserv/info.c:300:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/chanserv/kick.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reasonbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/kick.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reasonbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/list.c:57:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/chanserv/list.c:94:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						*opts[j].optval.intval = atoi(parv[i + 1]);
data/atheme-services-7.2.9/modules/chanserv/list.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/list.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char criteriastr[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/main.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orig[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/main.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newargs[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/main.c:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char akickreason[120] = "User is banned from this channel", *p;
data/atheme-services-7.2.9/modules/chanserv/main.c:775:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[21];
data/atheme-services-7.2.9/modules/chanserv/main.c:789:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		channelts = atol(md->value);
data/atheme-services-7.2.9/modules/chanserv/main.c:852:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	topicts = atol(md->value);
data/atheme-services-7.2.9/modules/chanserv/main.c:861:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[21];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cmdbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cmdbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/moderate.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/quiet.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rhostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/quiet.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[3];
data/atheme-services-7.2.9/modules/chanserv/quiet.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmpban, cb, sizeof(chanban_t));
data/atheme-services-7.2.9/modules/chanserv/quiet.c:317:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/quiet.c:372:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char target_extban[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/quiet.c:420:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char hostbuf2[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/recover.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf2[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/recover.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[3];
data/atheme-services-7.2.9/modules/chanserv/register.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[21];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modebuf[32], *end, c;
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newlock_key[KEYLEN];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newlock_ext[ignore_mode_list_size][512];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newext[512];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_plus[ignore_mode_list_size + 1];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_minus[ignore_mode_list_size + 1];
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:147:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				  if (atol(arg) <= 0)
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:153:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				  newlock_limit = atol(arg);
data/atheme-services-7.2.9/modules/chanserv/sync.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char akickreason[120] = "User is banned from this channel", *p;
data/atheme-services-7.2.9/modules/chanserv/template.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ss[40], newstr[400];
data/atheme-services-7.2.9/modules/chanserv/template.c:372:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char flagstr2[128];
data/atheme-services-7.2.9/modules/chanserv/topic.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char topicbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/topic.c:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char topicbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/topic.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char topicbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/topic.c:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char commbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/topic.c:345:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, replace, replace_size);
data/atheme-services-7.2.9/modules/chanserv/unban_self.c:94:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hostbuf2[BUFSIZE];
data/atheme-services-7.2.9/modules/chanserv/version.c:28:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/cs_access_alias.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *newparv[5];
data/atheme-services-7.2.9/modules/contrib/cs_access_alias.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ss[40];
data/atheme-services-7.2.9/modules/contrib/cs_access_alias.c:77:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char flagname[400];
data/atheme-services-7.2.9/modules/contrib/cs_badwords.c:188:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/cs_badwords.c:212:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/cs_badwords.c:225:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/cs_badwords.c:362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/cs_fregister.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[21];
data/atheme-services-7.2.9/modules/contrib/dnsbl.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/modules/contrib/dnsbl.c:226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/dnsbl.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c:36:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *ptr, buf2[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c:37:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char tmp[BUFSIZE * 2 + 1];
data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c:59:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/contrib/gen_listenerdemo.c:36:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *ptr, buf2[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/contrib/gen_listenerdemo.c:37:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char tmp[BUFSIZE * 2 + 1];
data/atheme-services-7.2.9/modules/contrib/gen_listenerdemo.c:63:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/contrib/gen_vhostonreg.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newhost[HOSTLEN];
data/atheme-services-7.2.9/modules/contrib/graphtastical.c:64:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(DATADIR "/channels.dot.new", "w")))
data/atheme-services-7.2.9/modules/contrib/graphtastical.c:132:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(DATADIR "/uchannels.dot.new", "w")))
data/atheme-services-7.2.9/modules/contrib/gs_roulette.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/gs_roulette.c:61:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *roulette_responses[2] = {
data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf [BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/ns_ajoin.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/modules/contrib/ns_ajoin.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/modules/contrib/ns_cleannick.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nickbuf[NICKLEN];
data/atheme-services-7.2.9/modules/contrib/ns_generatehash.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[PASSLEN];
data/atheme-services-7.2.9/modules/contrib/ns_generatepass.c:39:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(parv[0]);
data/atheme-services-7.2.9/modules/contrib/ns_goodmail.c:209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/ns_mxcheck.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/atheme-services-7.2.9/modules/contrib/ns_mxcheck_async.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NICKLEN];
data/atheme-services-7.2.9/modules/contrib/ns_mxcheck_async.c:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char email[EMAILLEN];
data/atheme-services-7.2.9/modules/contrib/ns_mxcheck_async.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/atheme-services-7.2.9/modules/contrib/ns_sendpassmail.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdtext[NICKLEN + 20];
data/atheme-services-7.2.9/modules/contrib/on_db_save.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_akillnicklist.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_akillnicklist.c:50:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(filename, "r");
data/atheme-services-7.2.9/modules/contrib/os_defcon.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modesetbuf[256];
data/atheme-services-7.2.9/modules/contrib/os_defcon.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modeunsetbuf[256];
data/atheme-services-7.2.9/modules/contrib/os_defcon.c:182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_defcon.c:198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_defcon.c:206:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	level = atoi(defcon);
data/atheme-services-7.2.9/modules/contrib/os_joinmon.c:227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_klinechan.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reason[256];
data/atheme-services-7.2.9/modules/contrib/os_klinechan.c:80:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_klinechan.c:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_klinechan.c:118:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/contrib/os_modeall.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *modeparv[256];
data/atheme-services-7.2.9/modules/contrib/os_pingspam.c:121:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if(strcasecmp(mode, "on") == 0 || atoi(mode))
data/atheme-services-7.2.9/modules/contrib/os_resolve.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_savechanmodes.c:45:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(out = fopen(DATADIR "/chanmodes.txt", "w")))
data/atheme-services-7.2.9/modules/contrib/os_savechanmodes.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *modeparv[256];
data/atheme-services-7.2.9/modules/contrib/os_savechanmodes.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *item, buf[2048];
data/atheme-services-7.2.9/modules/contrib/os_savechanmodes.c:105:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(in = fopen(DATADIR "/chanmodes.txt", "r")))
data/atheme-services-7.2.9/modules/contrib/os_testcmd.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *newparv[256];
data/atheme-services-7.2.9/modules/contrib/os_testproc.c:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[NICKLEN];
data/atheme-services-7.2.9/modules/contrib/os_testproc.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/contrib/os_trace.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[512];
data/atheme-services-7.2.9/modules/contrib/os_trace.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[512];
data/atheme-services-7.2.9/modules/contrib/os_trace.c:334:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	domain->nickage = atoi(nickage_string);
data/atheme-services-7.2.9/modules/contrib/os_trace.c:392:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	domain->numchan = atoi(numchan_string);
data/atheme-services-7.2.9/modules/contrib/os_trace.c:648:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/contrib/wumpus.c:783:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wumpus.wantsize = atoi(parv[0]);
data/atheme-services-7.2.9/modules/contrib/wumpus.c:853:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	move_player(p, atoi(id));
data/atheme-services-7.2.9/modules/contrib/wumpus.c:881:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	shoot_player(p, atoi(id));
data/atheme-services-7.2.9/modules/crypto/ircservices.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digest[33];
data/atheme-services-7.2.9/modules/crypto/ircservices.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest2[16];
data/atheme-services-7.2.9/modules/crypto/ircservices.c:67:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dest, "$ircservices$");
data/atheme-services-7.2.9/modules/crypto/ircservices.c:69:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dest + 13 + 2 * i, "%02x", 255 & dest2[i]);
data/atheme-services-7.2.9/modules/crypto/ircservices.c:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/crypto/ircservices.c:118:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char output[PASSMAX];
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:36:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[SALTLEN + 1];
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char outbuf[PASSLEN];
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:49:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static unsigned char digestbuf[SHA512_DIGEST_LENGTH];
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:55:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(outbuf, salt, SALTLEN);
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:60:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(outbuf + SALTLEN + (iter * 2), "%02x", 255 & digestbuf[iter]);
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:47:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char salt_chars[62] =
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		salt[PBKDF2_SALTLEN + 1];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:56:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	result[PASSLEN];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		salt[PBKDF2_SALTLEN + 1];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:76:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char	digest[EVP_MAX_MD_SIZE];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		digest_b64[(EVP_MAX_MD_SIZE * 2) + 5];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:78:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	result[PASSLEN];
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		salt[PBKDF2_SALTLEN + 1];
data/atheme-services-7.2.9/modules/crypto/posix.c:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt2[3];
data/atheme-services-7.2.9/modules/crypto/posix.c:50:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned const char cov_2char[64] = {
data/atheme-services-7.2.9/modules/crypto/posix.c:75:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
data/atheme-services-7.2.9/modules/crypto/posix.c:76:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[MD5_DIGEST_LENGTH];
data/atheme-services-7.2.9/modules/crypto/posix.c:140:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char buf_perm[sizeof buf];
data/atheme-services-7.2.9/modules/crypto/posix.c:180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char real_salt[BUFSIZE];
data/atheme-services-7.2.9/modules/crypto/rawmd5.c:23:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char output[2 * 16 + sizeof(RAWMD5_PREFIX)];
data/atheme-services-7.2.9/modules/crypto/rawmd5.c:25:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[16];
data/atheme-services-7.2.9/modules/crypto/rawmd5.c:34:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(output + sizeof(RAWMD5_PREFIX) - 1 + i * 2, "%02x",
data/atheme-services-7.2.9/modules/crypto/rawsha1.c:27:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char output[2 * SHA_DIGEST_LENGTH + sizeof(RAWSHA1_PREFIX)];
data/atheme-services-7.2.9/modules/crypto/rawsha1.c:29:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[SHA_DIGEST_LENGTH];
data/atheme-services-7.2.9/modules/crypto/rawsha1.c:38:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(output + sizeof(RAWSHA1_PREFIX) - 1 + i * 2, "%02x",
data/atheme-services-7.2.9/modules/exttarget/chanacs.c:119:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, NAMEPREFIX, sizeof NAMEPREFIX - 1);
data/atheme-services-7.2.9/modules/exttarget/chanacs.c:120:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name + sizeof NAMEPREFIX - 1, param, namelen - sizeof NAMEPREFIX + 1);
data/atheme-services-7.2.9/modules/exttarget/channel.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, NAMEPREFIX, sizeof NAMEPREFIX - 1);
data/atheme-services-7.2.9/modules/exttarget/channel.c:105:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name + sizeof NAMEPREFIX - 1, param, namelen - sizeof NAMEPREFIX + 1);
data/atheme-services-7.2.9/modules/exttarget/main.c:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/exttarget/server.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name, NAMEPREFIX, sizeof NAMEPREFIX - 1);
data/atheme-services-7.2.9/modules/exttarget/server.c:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(name + sizeof NAMEPREFIX - 1, param, namelen - sizeof NAMEPREFIX + 1);
data/atheme-services-7.2.9/modules/gameserv/dice.c:88:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[1024];
data/atheme-services-7.2.9/modules/gameserv/dice.c:463:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[1024], result[32];
data/atheme-services-7.2.9/modules/gameserv/dice.c:594:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		times = atoi(parv[0]);
data/atheme-services-7.2.9/modules/gameserv/dice.c:632:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		times = atoi(parv[0]);
data/atheme-services-7.2.9/modules/gameserv/eightball.c:44:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *eightball_responses[28] = {
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:59:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:78:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dice = atoi(arg_dice);
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:79:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		difficulty = atoi(arg_difficulty);
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:142:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:161:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dice = atoi(arg_dice);
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:185:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			reroll = atoi(parv[ii++]);
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:231:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *df_dice_table[3] = { "[-]", "[ ]", "[+]" };
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/gamecalc.c:250:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	dice = atoi(arg_dice);
data/atheme-services-7.2.9/modules/gameserv/gameserv_common.h:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/gameserv_common.h:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/namegen.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/namegen.c:49:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		amt = atoi(parv[0]);
data/atheme-services-7.2.9/modules/gameserv/namegen.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char namebuf[BUFSIZE];
data/atheme-services-7.2.9/modules/gameserv/rps.c:40:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *rps_responses[3] = {
data/atheme-services-7.2.9/modules/global/main.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/groupserv/drop.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[512];
data/atheme-services-7.2.9/modules/groupserv/drop.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key0[80], key1[80];
data/atheme-services-7.2.9/modules/groupserv/info.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/groupserv/invite.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/groupserv/join.c:77:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		flags = atoi(md->value);
data/atheme-services-7.2.9/modules/groupserv/main/groupserv.c:252:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char names[512];
data/atheme-services-7.2.9/modules/groupserv/main/groupserv.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nb[NICKLEN];
data/atheme-services-7.2.9/modules/groupserv/main/hooks.c:113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/groupserv/main/hooks.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char priv[BUFSIZE];
data/atheme-services-7.2.9/modules/helpserv/ticket.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/helpserv/ticket.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/drop.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/group.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/hostserv.h:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/hostserv.h:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestring[16];
data/atheme-services-7.2.9/modules/hostserv/main.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[NICKLEN + 20];
data/atheme-services-7.2.9/modules/hostserv/offer.c:364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/onoff.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/onoff.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/request.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[NICKLEN + 20];
data/atheme-services-7.2.9/modules/hostserv/request.c:349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/request.c:415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/request.c:512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/vhost.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/hostserv/vhost.c:114:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				vhost_time = atoi(md_timestamp->value);
data/atheme-services-7.2.9/modules/hostserv/vhostnick.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/infoserv/main.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dBuf[BUFSIZE];
data/atheme-services-7.2.9/modules/infoserv/main.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dBuf[BUFSIZE];
data/atheme-services-7.2.9/modules/infoserv/main.c:272:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/infoserv/main.c:288:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	imp = atoi(importance);
data/atheme-services-7.2.9/modules/infoserv/main.c:372:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	id = atoi(target);
data/atheme-services-7.2.9/modules/infoserv/main.c:422:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	id = atoi(target);
data/atheme-services-7.2.9/modules/infoserv/main.c:462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dBuf[BUFSIZE];
data/atheme-services-7.2.9/modules/infoserv/main.c:490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dBuf[BUFSIZE];
data/atheme-services-7.2.9/modules/memoserv/forward.c:58:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		memonum = atoi(arg);
data/atheme-services-7.2.9/modules/memoserv/list.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/memoserv/list.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[512];
data/atheme-services-7.2.9/modules/memoserv/list.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chan[CHANNELLEN];
data/atheme-services-7.2.9/modules/memoserv/read.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/memoserv/read.c:65:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	memonum = atoi(arg1);
data/atheme-services-7.2.9/modules/misc/canon_gmail.c:19:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void canonicalize_gmail(char email[EMAILLEN + 1], void *user_data)
data/atheme-services-7.2.9/modules/misc/canon_gmail.c:21:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[EMAILLEN + 1];
data/atheme-services-7.2.9/modules/misc/canon_gmail.c:47:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p_out, "@gmail.com");
data/atheme-services-7.2.9/modules/misc/httpd.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[256];
data/atheme-services-7.2.9/modules/misc/httpd.c:64:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return open(fname, O_RDONLY);
data/atheme-services-7.2.9/modules/misc/httpd.c:95:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		hd->length = atoi(p);
data/atheme-services-7.2.9/modules/misc/httpd.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[300];
data/atheme-services-7.2.9/modules/misc/httpd.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[700];
data/atheme-services-7.2.9/modules/misc/httpd.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/misc/httpd.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outbuf[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/nickserv/access.c:65:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char mask[USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/nickserv/access.c:117:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((p[0] != '0' || p[1] != '.') && ((i = atoi(p)) < 1 || i > 255))
data/atheme-services-7.2.9/modules/nickserv/access.c:129:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((p[0] != '0' || p[1] != '.') && ((i = atoi(p)) < 1 || i > 255))
data/atheme-services-7.2.9/modules/nickserv/access.c:141:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((p[0] != '0' || p[1] != '.') && ((i = atoi(p)) < 1 || i > 255))
data/atheme-services-7.2.9/modules/nickserv/access.c:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mangledmask[NICKLEN+HOSTLEN+10];
data/atheme-services-7.2.9/modules/nickserv/access.c:315:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (isdigit((unsigned char)p[1]) && (atoi(p + 1) < 16 || (mask[0] == '*' && mask[1] == '@')))
data/atheme-services-7.2.9/modules/nickserv/badmail.c:209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/cracklib.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dict[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/drop.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[512];
data/atheme-services-7.2.9/modules/nickserv/drop.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key0[80], key1[80];
data/atheme-services-7.2.9/modules/nickserv/enforce.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nick[NICKLEN];
data/atheme-services-7.2.9/modules/nickserv/enforce.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[HOSTLEN];
data/atheme-services-7.2.9/modules/nickserv/enforce.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char gnick[NICKLEN];
data/atheme-services-7.2.9/modules/nickserv/enforce.c:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lau[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/enforce.c:584:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int enforcetime = atoi(md->value);
data/atheme-services-7.2.9/modules/nickserv/identify.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lau[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/info.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE], strfbuf[BUFSIZE], lastlogin[BUFSIZE], *p;
data/atheme-services-7.2.9/modules/nickserv/info.c:92:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/info.c:177:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			vhost_time = atoi(vhost_timestring);
data/atheme-services-7.2.9/modules/nickserv/info.c:306:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "HideMail");
data/atheme-services-7.2.9/modules/nickserv/info.c:311:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:313:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "Hold");
data/atheme-services-7.2.9/modules/nickserv/info.c:318:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:320:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NeverOp");
data/atheme-services-7.2.9/modules/nickserv/info.c:325:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:327:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NoOp");
data/atheme-services-7.2.9/modules/nickserv/info.c:332:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:334:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NoMemo");
data/atheme-services-7.2.9/modules/nickserv/info.c:339:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:341:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "EMailMemos");
data/atheme-services-7.2.9/modules/nickserv/info.c:346:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:348:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NeverGroup");
data/atheme-services-7.2.9/modules/nickserv/info.c:353:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:355:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "Private");
data/atheme-services-7.2.9/modules/nickserv/info.c:360:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:362:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "RegNoLimit");
data/atheme-services-7.2.9/modules/nickserv/info.c:367:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:369:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "NoGreet");
data/atheme-services-7.2.9/modules/nickserv/info.c:374:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, ", ");
data/atheme-services-7.2.9/modules/nickserv/info.c:376:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NoPassword");
data/atheme-services-7.2.9/modules/nickserv/info.c:419:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/info.c:439:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/info.c:457:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/list.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pat[512], *nickpattern = NULL, *hostpattern = NULL, *p;
data/atheme-services-7.2.9/modules/nickserv/list.c:171:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/nickserv/list.c:205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/list.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char criteriastr[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/list.c:279:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					int arg = atoi(parv[++i]);
data/atheme-services-7.2.9/modules/nickserv/multimark.c:375:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/multimark.c:623:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/multimark.c:754:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/multimark.c:834:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/multimark.c:1076:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int num = atoi(info);
data/atheme-services-7.2.9/modules/nickserv/register.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lau[BUFSIZE], lao[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/restrict.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/restrict.c:60:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/return.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldmail[EMAILLEN];
data/atheme-services-7.2.9/modules/nickserv/sendpass.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdtext[NICKLEN + 20];
data/atheme-services-7.2.9/modules/nickserv/set_enforcetime.c:47:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int enforcetime = atoi(parv[0]);
data/atheme-services-7.2.9/modules/nickserv/setpass.c:136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/setpass.c:145:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ts = md != NULL ? atoi(md->value) : 0;
data/atheme-services-7.2.9/modules/nickserv/vacation.c:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tsbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/nickserv/vhost.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdtext[NICKLEN + HOSTLEN + 20];
data/atheme-services-7.2.9/modules/nickserv/vhost.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestring[16];
data/atheme-services-7.2.9/modules/operserv/akill.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char reason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/akill.c:126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *treason, reason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/akill.c:158:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/operserv/akill.c:269:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if ((p = strrchr(khost, '/')) != NULL && IsDigit(p[1]) && atoi(p + 1) < 4)
data/atheme-services-7.2.9/modules/operserv/akill.c:319:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char t[16];
data/atheme-services-7.2.9/modules/operserv/akill.c:331:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				start = atoi(t);
data/atheme-services-7.2.9/modules/operserv/akill.c:339:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				end = atoi(t);
data/atheme-services-7.2.9/modules/operserv/akill.c:360:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			number = atoi(s);
data/atheme-services-7.2.9/modules/operserv/akill.c:382:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char t[16];
data/atheme-services-7.2.9/modules/operserv/akill.c:390:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			start = atoi(t);
data/atheme-services-7.2.9/modules/operserv/akill.c:398:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			end = atoi(t);
data/atheme-services-7.2.9/modules/operserv/akill.c:419:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		number = atoi(target);
data/atheme-services-7.2.9/modules/operserv/akill.c:499:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char settime[64];
data/atheme-services-7.2.9/modules/operserv/akill.c:547:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char reason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/clearchan.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reason[512];
data/atheme-services-7.2.9/modules/operserv/clones.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ip[HOSTIPLEN];
data/atheme-services-7.2.9/modules/operserv/clones.c:386:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		unsigned int newgrace = atol(arg);
data/atheme-services-7.2.9/modules/operserv/clones.c:442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rreason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/clones.c:460:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	clones = atoi(clonesstr);
data/atheme-services-7.2.9/modules/operserv/clones.c:488:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		duration = (atol(expiry) * 60);
data/atheme-services-7.2.9/modules/operserv/clones.c:625:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rreason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/clones.c:638:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int clones = atoi(clonesstr);
data/atheme-services-7.2.9/modules/operserv/clones.c:722:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						duration = (atol(expiry) * 60);
data/atheme-services-7.2.9/modules/operserv/clones.c:789:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/operserv/compare.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/modules/operserv/compare.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[100];
data/atheme-services-7.2.9/modules/operserv/greplog.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[1024];
data/atheme-services-7.2.9/modules/operserv/greplog.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logfile[256];
data/atheme-services-7.2.9/modules/operserv/greplog.c:112:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		days = atoi(parv[2]);
data/atheme-services-7.2.9/modules/operserv/greplog.c:142:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		in = fopen(logfile, "r");
data/atheme-services-7.2.9/modules/operserv/ignore.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strfbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/jupe.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reasonbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/mode.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *modeparv[256];
data/atheme-services-7.2.9/modules/operserv/noop.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/override.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *newparv[20];
data/atheme-services-7.2.9/modules/operserv/rakill.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[512];
data/atheme-services-7.2.9/modules/operserv/rmatch.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[512];
data/atheme-services-7.2.9/modules/operserv/rnc.c:42:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int count = param ? atoi(param) : 20;
data/atheme-services-7.2.9/modules/operserv/rwatch.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/rwatch.c:79:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(path, "r");
data/atheme-services-7.2.9/modules/operserv/rwatch.c:150:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *item, rBuf[BUFSIZE * 2];
data/atheme-services-7.2.9/modules/operserv/rwatch.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpath[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/rwatch.c:176:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				rw->reflags = atoi(reflagsstr);
data/atheme-services-7.2.9/modules/operserv/rwatch.c:189:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				rw->actions = atoi(actionstr);
data/atheme-services-7.2.9/modules/operserv/rwatch.c:519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[NICKLEN+USERLEN+HOSTLEN+GECOSLEN];
data/atheme-services-7.2.9/modules/operserv/rwatch.c:583:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usermask[NICKLEN+USERLEN+HOSTLEN+GECOSLEN];
data/atheme-services-7.2.9/modules/operserv/rwatch.c:584:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldusermask[NICKLEN+USERLEN+HOSTLEN+GECOSLEN];
data/atheme-services-7.2.9/modules/operserv/set.c:114:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(recontime);
data/atheme-services-7.2.9/modules/operserv/set.c:140:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(logins);
data/atheme-services-7.2.9/modules/operserv/set.c:166:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(users);
data/atheme-services-7.2.9/modules/operserv/set.c:192:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(nicks);
data/atheme-services-7.2.9/modules/operserv/set.c:218:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(chans);
data/atheme-services-7.2.9/modules/operserv/set.c:244:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(limit);
data/atheme-services-7.2.9/modules/operserv/set.c:270:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(days);
data/atheme-services-7.2.9/modules/operserv/set.c:297:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(minutes);
data/atheme-services-7.2.9/modules/operserv/set.c:324:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(days);
data/atheme-services-7.2.9/modules/operserv/set.c:351:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(chanacs);
data/atheme-services-7.2.9/modules/operserv/set.c:377:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(founders);
data/atheme-services-7.2.9/modules/operserv/set.c:406:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(minutes);
data/atheme-services-7.2.9/modules/operserv/set.c:477:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int value = atoi(days);
data/atheme-services-7.2.9/modules/operserv/sgline.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *treason, reason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/sgline.c:156:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/operserv/sgline.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char t[16];
data/atheme-services-7.2.9/modules/operserv/sgline.c:266:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				start = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sgline.c:274:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				end = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sgline.c:295:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			number = atoi(s);
data/atheme-services-7.2.9/modules/operserv/soper.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[PASSLEN];
data/atheme-services-7.2.9/modules/operserv/sqline.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *treason, reason[BUFSIZE];
data/atheme-services-7.2.9/modules/operserv/sqline.c:191:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = (atol(s) * 60);
data/atheme-services-7.2.9/modules/operserv/sqline.c:286:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char t[16];
data/atheme-services-7.2.9/modules/operserv/sqline.c:298:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				start = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sqline.c:306:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				end = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sqline.c:327:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			number = atoi(s);
data/atheme-services-7.2.9/modules/operserv/sqline.c:349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char t[16];
data/atheme-services-7.2.9/modules/operserv/sqline.c:357:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			start = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sqline.c:365:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			end = atoi(t);
data/atheme-services-7.2.9/modules/operserv/sqline.c:386:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		number = atoi(target);
data/atheme-services-7.2.9/modules/protocol/asuka.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[HOSTIPLEN];
data/atheme-services-7.2.9/modules/protocol/asuka.c:154:98:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], NULL, ipstring, parv[parc - 2], parv[parc - 1], si->s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/asuka.c:167:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				handle_burstlogin(u, parv[5+i], p ? atol(p) : 0);
data/atheme-services-7.2.9/modules/protocol/asuka.c:183:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char userbuf[USERLEN];
data/atheme-services-7.2.9/modules/protocol/asuka.c:219:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/asuka.c:268:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char userbuf[USERLEN];
data/atheme-services-7.2.9/modules/protocol/asuka.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[HOSTLEN + 1];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:112:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	num = atoi(value);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:113:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	timeslice = atoi(arg2);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:409:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	handle_topic_from(si, c, parv[1], atol(parv[2]), parv[3]);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:496:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:505:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:581:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/bahamut.c:605:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:621:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[64];
data/atheme-services-7.2.9/modules/protocol/bahamut.c:648:77:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[4], parv[5], NULL, ipstring, NULL, parv[9], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/bahamut.c:684:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/bahamut.c:724:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atol(parv[1]) > c->ts)
data/atheme-services-7.2.9/modules/protocol/bahamut.c:784:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], NULL, atoi(parv[1]), parv[2]);
data/atheme-services-7.2.9/modules/protocol/base36uid.c:28:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char new_uid[10]; /* allow for \0 */
data/atheme-services-7.2.9/modules/protocol/base36uid.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/base36uid.c:38:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		me.numeric = sstrdup(uinttobase64(buf, (uint64_t) atoi(me.numeric), 2));
data/atheme-services-7.2.9/modules/protocol/base36uid.c:48:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_uid, me.numeric, strlen(me.numeric));
data/atheme-services-7.2.9/modules/protocol/charybdis.c:159:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/charybdis.c:159:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/charybdis.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostgbuf[NICKLEN+USERLEN+HOSTLEN+GECOSLEN];
data/atheme-services-7.2.9/modules/protocol/charybdis.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realgbuf[NICKLEN+USERLEN+HOSTLEN+GECOSLEN];
data/atheme-services-7.2.9/modules/protocol/charybdis.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/charybdis.c:182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/charybdis.c:183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/charybdis.c:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strippedmask[NICKLEN+USERLEN+HOSTLEN+CHANNELLEN+2];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sid[4];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:262:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/inspircd.c:262:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/inspircd.c:299:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) <= 0 || atoi(value) > max_rejoindelay)
data/atheme-services-7.2.9/modules/protocol/inspircd.c:299:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) <= 0 || atoi(value) > max_rejoindelay)
data/atheme-services-7.2.9/modules/protocol/inspircd.c:320:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) <= 0)
data/atheme-services-7.2.9/modules/protocol/inspircd.c:420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:628:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char sid[3+1];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:787:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time_t ts = atol(parv[1]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:907:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefixandnick[51];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:912:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = atol(parv[1]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1045:92:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	u = user_add(parv[2], parv[5], parv[3], parv[4], parv[6], parv[0], parv[parc - 1], si->s, atol(parv[1]));
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1060:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1139:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atoi(parv[1]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ver[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1213:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], parv[3], atoi(parv[2]), parv[4]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1259:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		c = channel_add(parv[0], parc > 1 ? atol(parv[1]) : CURRTIME, si->su->server);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1272:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (u->ts != atoi(parv[1]))
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1407:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atoi(parv[1]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1450:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(certfp, fpstr, len);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1494:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *varv[256];
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1515:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			has_protocol = atoi(parv[1]);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1594:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				max_rejoindelay = atoi(it + 1);
data/atheme-services-7.2.9/modules/protocol/ircd-seven.c:135:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(parv[2]));				/* hopcount */
data/atheme-services-7.2.9/modules/protocol/ircd-seven.c:188:73:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[4], parv[5], NULL, NULL, NULL, parv[7], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/ircd-seven.c:215:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/ircnet.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ircnet.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ircnet.c:323:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char sid[4+1];
data/atheme-services-7.2.9/modules/protocol/ircnet.c:395:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sidbuf[4+1], *p;
data/atheme-services-7.2.9/modules/protocol/ircnet.c:404:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(sidbuf, p, 4);
data/atheme-services-7.2.9/modules/protocol/ircnet.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/ircnet.c:481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/ircnet.c:651:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	handle_server(si, parv[0], parv[2], atoi(parv[1]), parv[parc - 1]);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:223:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atoi(parv[parc - 2]);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *modev[16];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[16];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newnick[16+NICKLEN];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:252:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = atoi(parv[1]);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[HOSTIPLEN];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:372:101:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], parv[7], ipstring, parv[parc - 2], parv[parc - 1], si->s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/nefarious.c:385:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				handle_burstlogin(u, parv[5+i], p ? atol(p) : 0);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:401:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char userbuf[USERLEN];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:445:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/nefarious.c:494:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char userbuf[USERLEN];
data/atheme-services-7.2.9/modules/protocol/nefarious.c:630:47:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			handle_setlogin(si, u, parv[2], parc > 3 ? atol(parv[3]) : 0);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:665:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[HOSTLEN + 1];
data/atheme-services-7.2.9/modules/protocol/ngircd.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ngircd.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ngircd.c:401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/ngircd.c:482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/ngircd.c:667:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(parv[1]), parv[parc - 1]);
data/atheme-services-7.2.9/modules/protocol/ngircd.c:718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:345:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atoi(parv[parc - 2]);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:415:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		channel_t *c = channel_add(chanv[i], ts = atoi(parv[1]), si->su->server);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:467:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			c = channel_add(chanv[i], atoi(parv[1]), si->su->server);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:479:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *modev[16];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:484:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[16];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:485:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newnick[16+NICKLEN];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:496:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = atoi(parv[1]);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:600:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:615:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[HOSTIPLEN];
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:626:98:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], NULL, ipstring, parv[parc - 2], parv[parc - 1], si->s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:638:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				handle_burstlogin(u, parv[6], p ? atol(p) : 0);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:664:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:716:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (i < parc && (ts = atoi(parv[i])) != 0)
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:864:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], parv[5], atoi(parv[1]), parv[7]);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:944:45:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	handle_setlogin(si, u, parv[1], parc > 2 ? atol(parv[2]) : 0);
data/atheme-services-7.2.9/modules/protocol/p10-generic.c:950:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[HOSTLEN + 1];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ts6sid[3 + 1] = "";
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:573:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time_t ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:600:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time_t ts = atol(parv[1]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:630:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channelts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:631:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	topicts = atol(parv[2]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:700:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:707:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:809:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:862:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *av[256];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:873:6:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atol(parv[0]) > c->ts)
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:892:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:921:73:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[4], parv[5], NULL, NULL, NULL, parv[7], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:946:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:976:79:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[4], parv[5], NULL, parv[6], parv[7], parv[8], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1019:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			atoi(parv[2]));				/* hopcount */
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1077:6:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atol(parv[0]) > c->ts)
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1135:75:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], si->s || !ircd->uses_uid ? NULL : ts6sid, atoi(parv[1]), parv[2]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1152:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], parv[2], atoi(parv[1]), parv[3]);
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1208:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (ircd->uses_uid && parc > 3 && atoi(parv[2]) >= 6)
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1309:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dest[NICKLEN + HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1345:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (user_changenick(u, parv[0], atoi(parv[3])))
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:1454:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sid[4];
data/atheme-services-7.2.9/modules/protocol/unreal.c:20:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ts6sid[3 + 1] = "";
data/atheme-services-7.2.9/modules/protocol/unreal.c:134:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/unreal.c:134:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/unreal.c:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char evalbuf[BUFSIZE], *ep, *p;
data/atheme-services-7.2.9/modules/protocol/unreal.c:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/unreal.c:456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/unreal.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escapedreason[512], *p;
data/atheme-services-7.2.9/modules/protocol/unreal.c:676:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char servermask[BUFSIZE], *p;
data/atheme-services-7.2.9/modules/protocol/unreal.c:694:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char servermask[BUFSIZE], *p;
data/atheme-services-7.2.9/modules/protocol/unreal.c:744:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time_t ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal.c:787:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	handle_topic_from(si, c, parv[1], atol(parv[2]), parv[3]);
data/atheme-services-7.2.9/modules/protocol/unreal.c:878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/unreal.c:886:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal.c:919:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal.c:952:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal.c:982:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/unreal.c:1001:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[64];
data/atheme-services-7.2.9/modules/protocol/unreal.c:1004:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipdata[16];
data/atheme-services-7.2.9/modules/protocol/unreal.c:1043:108:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], vhost, iplen != 0 ? ipstring : NULL, parv[5], parv[parc - 1], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/unreal.c:1066:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (u->ts > 100 && (time_t)atoi(parv[6]) == u->ts)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1088:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[64];
data/atheme-services-7.2.9/modules/protocol/unreal.c:1091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipdata[16];
data/atheme-services-7.2.9/modules/protocol/unreal.c:1130:105:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], vhost, iplen != 0 ? ipstring : NULL, NULL, parv[parc - 1], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/unreal.c:1153:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (u->ts > 100 && (time_t)atoi(parv[6]) == u->ts)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1172:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/unreal.c:1180:59:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				sts(":%s SVS2MODE %s +rd %lu", nicksvs.nick, parv[0], atol(parv[1]));
data/atheme-services-7.2.9/modules/protocol/unreal.c:1360:75:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], si->s || !ircd->uses_uid ? NULL : ts6sid, atoi(parv[1]), inf);
data/atheme-services-7.2.9/modules/protocol/unreal.c:1376:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], parv[2], atoi(parv[1]), parv[3]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:22:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ts6sid[3 + 1] = "";
data/atheme-services-7.2.9/modules/protocol/unreal4.c:136:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/unreal4.c:136:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (p - arg2 > 10 || arg2 - value - 1 > 10 || !atoi(value) || !atoi(arg2))
data/atheme-services-7.2.9/modules/protocol/unreal4.c:186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char evalbuf[BUFSIZE], *ep, *p;
data/atheme-services-7.2.9/modules/protocol/unreal4.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipbuf[NICKLEN+USERLEN+HOSTLEN];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escapedreason[512], *p;
data/atheme-services-7.2.9/modules/protocol/unreal4.c:679:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char servermask[BUFSIZE], *p;
data/atheme-services-7.2.9/modules/protocol/unreal4.c:697:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char servermask[BUFSIZE], *p;
data/atheme-services-7.2.9/modules/protocol/unreal4.c:747:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	time_t ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:790:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	handle_topic_from(si, c, parv[1], atol(parv[2]), parv[3]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *userv[256];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:889:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:922:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:955:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ts = atol(parv[0]);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:985:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *chanv[256];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1004:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[64];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1007:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipdata[16];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1046:108:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], vhost, iplen != 0 ? ipstring : NULL, parv[5], parv[parc - 1], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1069:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (u->ts > 100 && (time_t)atoi(parv[6]) == u->ts)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipstring[64];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipdata[16];
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1133:105:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		u = user_add(parv[0], parv[3], parv[4], vhost, iplen != 0 ? ipstring : NULL, NULL, parv[parc - 1], s, atoi(parv[2]));
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1156:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (u->ts > 100 && (time_t)atoi(parv[6]) == u->ts)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1175:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (user_changenick(si->su, parv[0], atoi(parv[1])))
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1183:59:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				sts(":%s SVS2MODE %s +rd %lu", nicksvs.nick, parv[0], atol(parv[1]));
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1363:75:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], si->s || !ircd->uses_uid ? NULL : ts6sid, atoi(parv[1]), inf);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1379:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	s = handle_server(si, parv[0], parv[2], atoi(parv[1]), parv[3]);
data/atheme-services-7.2.9/modules/proxyscan/dnsbl.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/modules/proxyscan/dnsbl.c:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/proxyscan/dnsbl.c:363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[IRCD_RES_HOSTLEN + 1];
data/atheme-services-7.2.9/modules/rpgserv/prettyprint.h:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ppbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/rpgserv/prettyprint.h:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parsebuf[BUFSIZE];
data/atheme-services-7.2.9/modules/rpgserv/set.c:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nbuf[64];
data/atheme-services-7.2.9/modules/rpgserv/set.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char copy[512];
data/atheme-services-7.2.9/modules/rpgserv/set.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char copy[512];
data/atheme-services-7.2.9/modules/rpgserv/set.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char copy[512];
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char authz[256];
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char authc[256];
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cookie[256];
data/atheme-services-7.2.9/modules/saslserv/ecdsa-nist256p-challenge.c:44:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char challenge[CHALLENGE_LENGTH];
data/atheme-services-7.2.9/modules/saslserv/ecdsa-nist256p-challenge.c:77:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char pubkey_raw[BUFSIZE];
data/atheme-services-7.2.9/modules/saslserv/ecdsa-nist256p-challenge.c:119:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*out, s->challenge, CHALLENGE_LENGTH);
data/atheme-services-7.2.9/modules/saslserv/main.c:21:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mechlist_string[400];
data/atheme-services-7.2.9/modules/saslserv/main.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orig[BUFSIZE];
data/atheme-services-7.2.9/modules/saslserv/main.c:330:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p->p, smsg->buf, len);
data/atheme-services-7.2.9/modules/saslserv/main.c:414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[BUFSIZE];
data/atheme-services-7.2.9/modules/saslserv/main.c:415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mech[61];
data/atheme-services-7.2.9/modules/saslserv/main.c:431:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(mech, buf, len);
data/atheme-services-7.2.9/modules/saslserv/main.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[401];
data/atheme-services-7.2.9/modules/saslserv/main.c:527:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, data, nbytes);
data/atheme-services-7.2.9/modules/saslserv/main.c:548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[BUFSIZE];
data/atheme-services-7.2.9/modules/saslserv/main.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char priv[512] = PRIV_IMPERSONATE_ANY;
data/atheme-services-7.2.9/modules/saslserv/main.c:757:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char result[HOSTLEN+NICKLEN+10];
data/atheme-services-7.2.9/modules/saslserv/main.c:758:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char description[BUFSIZE];
data/atheme-services-7.2.9/modules/saslserv/plain.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char authz[256];
data/atheme-services-7.2.9/modules/saslserv/plain.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char authc[256];
data/atheme-services-7.2.9/modules/saslserv/plain.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pass[256];
data/atheme-services-7.2.9/modules/saslserv/plain.c:57:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(authz, message, end - message + 1);
data/atheme-services-7.2.9/modules/saslserv/plain.c:69:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(authc, message, end - message + 1);
data/atheme-services-7.2.9/modules/saslserv/plain.c:78:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pass, message, end - message);
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *_perl_argv[3] = { "", PERL_INIT_FILE, NULL };
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char perl_error[512];
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[BUFSIZE];
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char info_varname[BUFSIZE];
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/modules/scripting/perl/perl_module.c:452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pathbuf[4096];
data/atheme-services-7.2.9/modules/security/cmdperm.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char permbuf[BUFSIZE], *cp;
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *newparv[20];
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[300];
data/atheme-services-7.2.9/modules/transport/p10.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parv[MAXPARC + 1];
data/atheme-services-7.2.9/modules/transport/p10.c:44:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char coreLine[BUFSIZE];
data/atheme-services-7.2.9/modules/transport/rfc1459/parse.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parv[MAXPARC + 1];
data/atheme-services-7.2.9/modules/transport/rfc1459/parse.c:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char coreLine[BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[300];
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *newparv[20];
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:411:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newparv, parv + 5, newparc * sizeof(parv[0]));
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:511:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[XMLRPC_BUFSIZE], buf2[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[64];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:305:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(name, data, namelen);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf3[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf4[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:427:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:483:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:545:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encoded[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:580:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[XMLRPC_BUFSIZE];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:741:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[15];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:789:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[15];
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:853:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				*q++ = (char)atoi(p);
data/atheme-services-7.2.9/src/base64/main.c:6:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char b64out[BUFSIZE];
data/atheme-services-7.2.9/src/dragon/main.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char userbuf[BUFSIZE];
data/atheme-services-7.2.9/src/ecdsadecode/main.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workbuf[BUFSIZE];
data/atheme-services-7.2.9/src/ecdsakeygen/main.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encbuf[BUFSIZE];
data/atheme-services-7.2.9/src/ecdsasign/main.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char challenge[BUFSIZE];
data/atheme-services-7.2.9/tools/createburst/createburst.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char new_uid[9];
data/atheme-services-7.2.9/tools/createburst/createburst.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZE];
data/atheme-services-7.2.9/tools/createburst/createburst.c:50:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_uid, SID, strlen(SID));
data/atheme-services-7.2.9/tools/createburst/createburst.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nick[20];
data/atheme-services-7.2.9/tools/createburst/createburst.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nick[20];
data/atheme-services-7.2.9/tools/createburst/createburst.c:150:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	count = atoi(argv[1]);
data/atheme-services-7.2.9/tools/createtestdb/createtestdb.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nick[20];
data/atheme-services-7.2.9/tools/createtestdb/createtestdb.c:52:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	count = atoi(argv[1]);
data/atheme-services-7.2.9/contrib/anope_convert.c:148:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					passwd = passwdbuf + strlen(passwdbuf);
data/atheme-services-7.2.9/libathemecore/account.c:309:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(nicks) + strlen(mn->nick) + 3 >= sizeof nicks)
data/atheme-services-7.2.9/libathemecore/account.c:309:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(nicks) + strlen(mn->nick) + 3 >= sizeof nicks)
data/atheme-services-7.2.9/libathemecore/account.c:364:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return_if_fail(strlen(name) < NICKLEN);
data/atheme-services-7.2.9/libathemecore/account.c:904:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					copy = smalloc(strlen(md->value) + 12);
data/atheme-services-7.2.9/libathemecore/account.c:1208:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (md != NULL && strlen(md->value) > 450)
data/atheme-services-7.2.9/libathemecore/account.c:1240:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		q = buf + strlen(buf);
data/atheme-services-7.2.9/libathemecore/account.c:1249:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				qq = params + strlen(params);
data/atheme-services-7.2.9/libathemecore/account.c:1280:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		q = buf + strlen(buf);
data/atheme-services-7.2.9/libathemecore/account.c:1326:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *q = mlock + strlen(mlock);
data/atheme-services-7.2.9/libathemecore/arc4random.c:95:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		r = read(fd, s + o, len - o);
data/atheme-services-7.2.9/libathemecore/atheme.c:122:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (read(daemonize_pipe[0], &c, 1) == 1)
data/atheme-services-7.2.9/libathemecore/cmode.c:433:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	md->totallen = strlen(md->source) + USERLEN + HOSTLEN + 1 + 4 + 1 +
data/atheme-services-7.2.9/libathemecore/cmode.c:434:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		10 + strlen(md->channel->name) + 1;
data/atheme-services-7.2.9/libathemecore/cmode.c:435:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	md->totallen += 2 + 32 + strlen(md->pmodes);
data/atheme-services-7.2.9/libathemecore/cmode.c:445:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				md->totalparamslen += 1 + strlen(md->extmodes[i]);
data/atheme-services-7.2.9/libathemecore/cmode.c:447:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	md->totalparamslen += strlen(md->params);
data/atheme-services-7.2.9/libathemecore/cmode.c:489:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:511:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:529:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:549:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:556:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:562:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(p);
data/atheme-services-7.2.9/libathemecore/cmode.c:621:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (md->totallen + 1 + strlen(value) > 512)
data/atheme-services-7.2.9/libathemecore/cmode.c:655:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (n >= MAXMODES || md->totallen + (dir != dir2) + 2 + strlen(value) > 512 || (type == 'k' && strchr(md->pmodes, 'k')))
data/atheme-services-7.2.9/libathemecore/cmode.c:827:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			q += strlen(q);
data/atheme-services-7.2.9/libathemecore/cmode.c:837:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			q += strlen(q);
data/atheme-services-7.2.9/libathemecore/cmode.c:849:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				q += strlen(q);
data/atheme-services-7.2.9/libathemecore/commandtree.c:202:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(name);
data/atheme-services-7.2.9/libathemecore/commandtree.c:253:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(buf);
data/atheme-services-7.2.9/libathemecore/commandtree.c:268:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(buf) > l)
data/atheme-services-7.2.9/libathemecore/commandtree.c:270:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(buf) > 55)
data/atheme-services-7.2.9/libathemecore/commandtree.c:283:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf) > l)
data/atheme-services-7.2.9/libathemecore/commandtree.c:310:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += strlen(p) - 1;
data/atheme-services-7.2.9/libathemecore/conf.c:412:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					newprivs = smalloc(strlen(privs) + 1 + strlen(ce->vardata) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:412:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					newprivs = smalloc(strlen(privs) + 1 + strlen(ce->vardata) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:414:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(newprivs, " ");
data/atheme-services-7.2.9/libathemecore/conf.c:440:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						newprivs = smalloc(strlen(privs) + 1 + strlen(conf_p->varname) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:440:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						newprivs = smalloc(strlen(privs) + 1 + strlen(conf_p->varname) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:442:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
						strcat(newprivs, " ");
data/atheme-services-7.2.9/libathemecore/conf.c:468:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				newprivs = smalloc(strlen(privs) + 1 + strlen(parent->privs) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:468:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				newprivs = smalloc(strlen(privs) + 1 + strlen(parent->privs) + 1);
data/atheme-services-7.2.9/libathemecore/conf.c:470:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(newprivs, " ");
data/atheme-services-7.2.9/libathemecore/function.c:57:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	md5_append(&ctx, (unsigned char *)buf, strlen(buf));
data/atheme-services-7.2.9/libathemecore/function.c:105:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int left = strlen(s);
data/atheme-services-7.2.9/libathemecore/function.c:107:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int oldlen = strlen(old);
data/atheme-services-7.2.9/libathemecore/function.c:108:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int newlen = strlen(new);
data/atheme-services-7.2.9/libathemecore/function.c:241:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(email) >= EMAILLEN)
data/atheme-services-7.2.9/libathemecore/function.c:428:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(host) > NICKLEN + USERLEN + HOSTLEN + 1)
data/atheme-services-7.2.9/libathemecore/function.c:469:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((size_t) (BUFSIZE - mask_pos) < strlen(mask) + 5)
data/atheme-services-7.2.9/libathemecore/function.c:523:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(nick) > NICKLEN - 1)
data/atheme-services-7.2.9/libathemecore/function.c:528:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(user) > USERLEN)
data/atheme-services-7.2.9/libathemecore/function.c:533:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(host) > HOSTLEN)
data/atheme-services-7.2.9/libathemecore/function.c:564:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(topic) > 450)
data/atheme-services-7.2.9/libathemecore/linker.c:50:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(path) + 20;
data/atheme-services-7.2.9/libathemecore/match.c:713:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return pcre_exec(preg->un.pcre, NULL, string, strlen(string), 0, 0, NULL, 0) >= 0;
data/atheme-services-7.2.9/libathemecore/memory.c:70:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	t = smalloc(strlen(s) + 1);
data/atheme-services-7.2.9/libathemecore/privs.c:301:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(name);
data/atheme-services-7.2.9/libathemecore/qrcode.c:101:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	code = QRcode_encodeData(strlen(data), data, 4, QR_ECLEVEL_L);
data/atheme-services-7.2.9/libathemecore/qrcode.c:104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bufsize = strlen(prologue) + (realwidth * 3) + strlen(prologue);
data/atheme-services-7.2.9/libathemecore/qrcode.c:104:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bufsize = strlen(prologue) + (realwidth * 3) + strlen(prologue);
data/atheme-services-7.2.9/libathemecore/res.c:274:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t len = strlen(hname);
data/atheme-services-7.2.9/libathemecore/res.c:276:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(irc_domain) + len + 2) < size)
data/atheme-services-7.2.9/libathemecore/res.c:451:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		request->name = (char *)smalloc(strlen(host_name) + 1);
data/atheme-services-7.2.9/libathemecore/send.c:46:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/atheme-services-7.2.9/libathemecore/services.c:1148:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(host) >= HOSTLEN)
data/atheme-services-7.2.9/libathemecore/servtree.c:503:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str = smalloc(strlen(name) + 1 + strlen(me.name) + 1);
data/atheme-services-7.2.9/libathemecore/servtree.c:503:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str = smalloc(strlen(name) + 1 + strlen(me.name) + 1);
data/atheme-services-7.2.9/libathemecore/signal.c:92:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			n = send(curr_uplink->conn->fd, chansvs.nick, strlen(chansvs.nick), 0);
data/atheme-services-7.2.9/libathemecore/string.c:215:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(find);
data/atheme-services-7.2.9/libathemecore/strshare.c:50:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ss = smalloc(sizeof(strshare_t) + strlen(str) + 1);
data/atheme-services-7.2.9/libathemecore/table.c:204:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((sz = strlen(c->name)) > (size_t)rc->width)
data/atheme-services-7.2.9/libathemecore/table.c:207:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((sz = strlen(c->value)) > (size_t)rc->width)
data/atheme-services-7.2.9/libathemecore/table.c:248:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = 0; i < (int)strlen(c->name); i++)
data/atheme-services-7.2.9/libathemecore/table.c:289:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = 0; i < (int)strlen(c->name); i++)
data/atheme-services-7.2.9/libathemecore/template.c:98:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(name);
data/atheme-services-7.2.9/libathemecore/ubase64.c:83:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(b64);
data/atheme-services-7.2.9/libathemecore/ubase64.c:115:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				i += strlen(buf);
data/atheme-services-7.2.9/libmowgli-2/src/examples/async_resolver/async_resolver.c:76:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((ret = read(pollable->fd, buf, sizeof(buf))) < 0)
data/atheme-services-7.2.9/libmowgli-2/src/examples/echoserver/echoserver.c:73:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		send(pollable->fd, client->buf, strlen(client->buf), 0);
data/atheme-services-7.2.9/libmowgli-2/src/examples/helpertest/helpertest.c:86:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(helper->fd, buf, sizeof buf);
data/atheme-services-7.2.9/libmowgli-2/src/examples/libevent-bench/bench.c:102:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	count += read(pollable->fd, &ch, sizeof(ch));
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:101:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	write_line(client->linebuf, buf, strlen(buf));
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:104:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	write_line(client->linebuf, buf, strlen(buf));
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:118:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(str, line, sizeof(str));
data/atheme-services-7.2.9/libmowgli-2/src/examples/linetest/linetest.c:132:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			mowgli_linebuf_write(linebuf, buf, strlen(buf));
data/atheme-services-7.2.9/libmowgli-2/src/examples/vio-udplistener/vio-udplistener.c:42:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		mowgli_vio_sendto(vio, buf, strlen(buf), &addr);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/base/formatter.c:44:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pos = strlen(buf);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.c:640:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	keylen = strlen(key);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/container/patricia.c:717:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	keylen = strlen(key);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/alloc.c:109:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(in) + 1;
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/alloc.c:136:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(in) + 1;
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/core/mowgli_string.c:136:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return dlen + strlen(s);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:488:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t len = strlen(hname);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_res.c:490:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(state->domain) + len + 2) < size)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/dns/evloop_reslist_win32.c:64:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((strlen(fixedinfo->DnsServerList.IpAddress.String) > 0) &&
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/null_pollops.c:118:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(999999);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/eventloop/null_pollops.c:119:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(time);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.c:442:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			current_argv_len = strlen(current_argv);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/getopt_long.c:452:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(long_options[i].name) ==
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:196:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return mowgli_json_create_string_n(str, strlen(str));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:407:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	serialize_string_data(key, strlen(key), priv->out);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/json.c:1459:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mowgli_json_parse_data(&static_parser, data, strlen(data));
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:145:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			end_of_area = argv[i] + strlen(argv[i]);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:159:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			end_of_area = environ[i] + strlen(environ[i]);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/proctitle.c:238:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ps_buffer_cur_len = ps_buffer_fixed_size = strlen(ps_buffer);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/ext/program_opts.c:60:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) > 1)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/linebuf/linebuf.c:157:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	linebuf->endl_len = strlen(endl);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.h:106:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	mowgli_vio_read_func_t *read;
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio.h:313:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define mowgli_vio_read(vio, ...) vio->ops->read(vio, __VA_ARGS__)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:62:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
static int mowgli_openssl_read_or_write(bool read, mowgli_vio_t *vio, void *readbuf, const void *writebuf, size_t len);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:103:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	mowgli_vio_ops_set_op(vio->ops, read, mowgli_vio_openssl_default_read);
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:427:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
mowgli_openssl_read_or_write(bool read, mowgli_vio_t *vio, void *readbuf, const void *writebuf, size_t len)
data/atheme-services-7.2.9/libmowgli-2/src/libmowgli/vio/vio_openssl.c:441:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read)
data/atheme-services-7.2.9/modules/alis/main.c:137:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t max = 1 + strlen(parv[0]) + 2;
data/atheme-services-7.2.9/modules/alis/main.c:206:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				size_t max = 1 + strlen(arg) + 2;
data/atheme-services-7.2.9/modules/auth/ldap.c:143:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cred.bv_len = strlen(password);
data/atheme-services-7.2.9/modules/auth/ldap.c:178:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cred.bv_len = strlen(ldap_config.bindauth);
data/atheme-services-7.2.9/modules/auth/ldap.c:200:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cred.bv_len = strlen(password);
data/atheme-services-7.2.9/modules/backend/corestorage.c:640:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(value);
data/atheme-services-7.2.9/modules/backend/flatfile.c:68:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while ((c = getc(f)) != EOF && c != '\n')
data/atheme-services-7.2.9/modules/backend/opensex.c:60:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = getc(rs->f)) != EOF && c != '\n')
data/atheme-services-7.2.9/modules/botserv/main.c:383:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cmd) >= 2 && strchr(prefix, cmd[0]) && isalpha((unsigned char)*++cmd))
data/atheme-services-7.2.9/modules/botserv/main.c:410:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (!strncasecmp(cmd, si->service->me->nick, strlen(si->service->me->nick)) && (cmd = strtok(NULL, "")) != NULL)
data/atheme-services-7.2.9/modules/botserv/main.c:571:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(field) > maxlen)
data/atheme-services-7.2.9/modules/botserv/main.c:638:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(parv[4]) < GECOSLEN)
data/atheme-services-7.2.9/modules/botserv/main.c:736:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(parv[3]) >= GECOSLEN)
data/atheme-services-7.2.9/modules/chanserv/access.c:440:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(role);
data/atheme-services-7.2.9/modules/chanserv/access.c:488:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(newstr + strlen(newstr), sizeof newstr - strlen(newstr), " %s=%s", role, flagstr);
data/atheme-services-7.2.9/modules/chanserv/access.c:488:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(newstr + strlen(newstr), sizeof newstr - strlen(newstr), " %s=%s", role, flagstr);
data/atheme-services-7.2.9/modules/chanserv/access.c:499:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(newstr) >= 300)
data/atheme-services-7.2.9/modules/chanserv/chanserv.h:37:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	act = smalloc(sizeof(*act) + strlen(nick) + 1);
data/atheme-services-7.2.9/modules/chanserv/count.c:118:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(str + strlen(str), sizeof str - strlen(str),
data/atheme-services-7.2.9/modules/chanserv/count.c:118:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(str + strlen(str), sizeof str - strlen(str),
data/atheme-services-7.2.9/modules/chanserv/info.c:112:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (md != NULL && strlen(md->value) > 450)
data/atheme-services-7.2.9/modules/chanserv/info.c:158:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:166:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:173:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:181:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:189:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:197:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:205:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:213:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:221:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:229:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:237:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:245:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/info.c:253:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, " ");
data/atheme-services-7.2.9/modules/chanserv/main.c:124:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cmd) >= 2 && strchr(prefix, cmd[0]) && isalpha((unsigned char)*++cmd))
data/atheme-services-7.2.9/modules/chanserv/main.c:151:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (!ircncasecmp(cmd, chansvs.nick, strlen(chansvs.nick)) && !isalnum((unsigned char)cmd[strlen(chansvs.nick)]) && (cmd = strtok(NULL, "")) != NULL)
data/atheme-services-7.2.9/modules/chanserv/main.c:151:97:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (!ircncasecmp(cmd, chansvs.nick, strlen(chansvs.nick)) && !isalnum((unsigned char)cmd[strlen(chansvs.nick)]) && (cmd = strtok(NULL, "")) != NULL)
data/atheme-services-7.2.9/modules/chanserv/main.c:447:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					p = akickreason + strlen(akickreason);
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:115:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  else if (strlen(arg) >= KEYLEN)
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:117:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  command_fail(si, fault_badparams, _("MLOCK key is too long (%d > %d)."), (int)strlen(arg), KEYLEN - 1);
data/atheme-services-7.2.9/modules/chanserv/set_mlock.c:188:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						  if (strlen(arg) > 350)
data/atheme-services-7.2.9/modules/chanserv/set_property.c:107:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(property) > 32 || strlen(value) > 300 || has_ctrl_chars(property))
data/atheme-services-7.2.9/modules/chanserv/set_property.c:107:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(property) > 32 || strlen(value) > 300 || has_ctrl_chars(property))
data/atheme-services-7.2.9/modules/chanserv/sync.c:119:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					p = akickreason + strlen(akickreason);
data/atheme-services-7.2.9/modules/chanserv/template.c:125:101:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				command_success_nodata(si, "%-20.*s %.*s", (int)(q - p), p, r != NULL ? (int)(r - q - 1) : (int)strlen(q + 1), q + 1);
data/atheme-services-7.2.9/modules/chanserv/template.c:181:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l = strlen(target);
data/atheme-services-7.2.9/modules/chanserv/template.c:309:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(newstr + strlen(newstr), sizeof newstr - strlen(newstr), " %s=%s", target, bitmask_to_flags(newflags));
data/atheme-services-7.2.9/modules/chanserv/template.c:309:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				snprintf(newstr + strlen(newstr), sizeof newstr - strlen(newstr), " %s=%s", target, bitmask_to_flags(newflags));
data/atheme-services-7.2.9/modules/chanserv/template.c:331:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(newstr) >= 300)
data/atheme-services-7.2.9/modules/chanserv/template.c:345:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(ss,sizeof ss,"%.*s",r != NULL ? (int)(r - q - 1) : (int)strlen(q + 1), q + 1);
data/atheme-services-7.2.9/modules/chanserv/template.c:348:152:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				command_fail(si, fault_alreadyexists, _("The template \2%.*s\2 already has flags \2%.*s\2."), (int)(q - p), p, r != NULL ? (int)(r - q - 1) : (int)strlen(q + 1), q + 1);
data/atheme-services-7.2.9/modules/chanserv/topic.c:330:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	search_size = strlen(search);
data/atheme-services-7.2.9/modules/chanserv/topic.c:331:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	replace_size = strlen(replace);
data/atheme-services-7.2.9/modules/chanserv/topic.c:340:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	copylen = strlen(pos + search_size) + 1;
data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c:25:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((n = read(cptr->fd, buf, BUFSIZE)) > 0)
data/atheme-services-7.2.9/modules/contrib/gen_echoserver.c:45:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sendq_add(cptr, buf2, strlen(buf2));
data/atheme-services-7.2.9/modules/contrib/gen_listenerdemo.c:25:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((n = read(cptr->fd, buf, BUFSIZE)) > 0)
data/atheme-services-7.2.9/modules/contrib/gen_vhostonreg.c:50:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen1 = HOSTLEN - 2 - strlen(me.hidehostsuffix);
data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c:214:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(subject) > 35)
data/atheme-services-7.2.9/modules/contrib/ircd_announceserv.c:221:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(text) > 450)
data/atheme-services-7.2.9/modules/contrib/ms_fsend.c:80:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(m) >= MEMOLEN)
data/atheme-services-7.2.9/modules/contrib/ns_ajoin.c:74:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(md->value) + strlen(parv[1]) > 400)
data/atheme-services-7.2.9/modules/contrib/ns_ajoin.c:74:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(md->value) + strlen(parv[1]) > 400)
data/atheme-services-7.2.9/modules/contrib/ns_cleannick.c:42:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	score = (float) capcount / (float) strlen(nickname);
data/atheme-services-7.2.9/modules/contrib/ns_cleannick.c:43:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slog(LG_DEBUG, "is_nickname_lame(%s): score %0.3f %d/%zu caps", nickname, score, capcount, strlen(nickname));
data/atheme-services-7.2.9/modules/contrib/ns_fregister.c:66:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(uflags & MU_CRYPTPASS) && strlen(pass) > 32)
data/atheme-services-7.2.9/modules/contrib/ns_guestnoreg.c:39:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nicklen = strlen(nick);
data/atheme-services-7.2.9/modules/crypto/ircservices.c:84:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return myencrypt(buf, strlen(buf), buf, size);
data/atheme-services-7.2.9/modules/crypto/ircservices.c:95:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (myencrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0)
data/atheme-services-7.2.9/modules/crypto/ircservices.c:121:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		myencrypt(key, strlen(key), output, PASSMAX);
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:52:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(salt) < SALTLEN)
data/atheme-services-7.2.9/modules/crypto/pbkdf2.c:57:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	res = PKCS5_PBKDF2_HMAC(key, strlen(key), (const unsigned char *)salt, SALTLEN, ROUNDS, EVP_sha512(), SHA512_DIGEST_LENGTH, digestbuf);
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:109:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t sl = strlen(salt);
data/atheme-services-7.2.9/modules/crypto/pbkdf2v2.c:110:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t pl = strlen(pass);
data/atheme-services-7.2.9/modules/crypto/posix.c:83:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	passwd_len = strlen(passwd);
data/atheme-services-7.2.9/modules/crypto/posix.c:86:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	soft_assert(strlen(magic) <= 4); /* "1" or "apr1" */
data/atheme-services-7.2.9/modules/crypto/posix.c:87:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(out_buf, magic, 4);
data/atheme-services-7.2.9/modules/crypto/posix.c:88:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
	strncat(out_buf, "$", 1);
data/atheme-services-7.2.9/modules/crypto/posix.c:89:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(out_buf, salt, 8);
data/atheme-services-7.2.9/modules/crypto/posix.c:90:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	soft_assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
data/atheme-services-7.2.9/modules/crypto/posix.c:91:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	salt_out = out_buf + 2 + strlen(magic);
data/atheme-services-7.2.9/modules/crypto/posix.c:92:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	salt_len = strlen(salt_out);
data/atheme-services-7.2.9/modules/crypto/posix.c:99:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EVP_DigestUpdate(&md, magic, strlen(magic));
data/atheme-services-7.2.9/modules/crypto/posix.c:154:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		soft_assert(output == out_buf + strlen(out_buf));
data/atheme-services-7.2.9/modules/crypto/posix.c:171:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		soft_assert(strlen(out_buf) < sizeof(out_buf));
data/atheme-services-7.2.9/modules/crypto/rawmd5.c:29:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	md5_append(&ctx, (const unsigned char *)key, strlen(key));
data/atheme-services-7.2.9/modules/crypto/rawsha1.c:33:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SHA1_Update(&ctx, key, strlen(key));
data/atheme-services-7.2.9/modules/exttarget/chanacs.c:116:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namelen = sizeof NAMEPREFIX + strlen(param);
data/atheme-services-7.2.9/modules/exttarget/channel.c:101:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namelen = sizeof NAMEPREFIX + strlen(param);
data/atheme-services-7.2.9/modules/exttarget/server.c:96:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namelen = sizeof NAMEPREFIX + strlen(param);
data/atheme-services-7.2.9/modules/gameserv/dice.c:142:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(s_input) > 250)
data/atheme-services-7.2.9/modules/gameserv/dice.c:145:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(&buffer[150], "...%s = %.8g", &s_input[strlen(s_input) - 10], expr);
data/atheme-services-7.2.9/modules/groupserv/main/groupserv.c:411:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return_if_fail(strlen(name) < NICKLEN);
data/atheme-services-7.2.9/modules/groupserv/register.c:53:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(parv[0]) >= NICKLEN)
data/atheme-services-7.2.9/modules/hostserv/request.c:426:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (reason && strlen(reason) > 150)
data/atheme-services-7.2.9/modules/memoserv/send.c:78:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(m) >= MEMOLEN)
data/atheme-services-7.2.9/modules/memoserv/sendall.c:76:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(m) >= MEMOLEN)
data/atheme-services-7.2.9/modules/memoserv/sendgroup.c:79:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(m) >= MEMOLEN)
data/atheme-services-7.2.9/modules/memoserv/sendops.c:78:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(m) >= MEMOLEN)
data/atheme-services-7.2.9/modules/misc/httpd.c:129:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			errorcode, text, PACKAGE_VERSION, (unsigned long)strlen(buf2),
data/atheme-services-7.2.9/modules/misc/httpd.c:131:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sendq_add(cptr, buf1, strlen(buf1));
data/atheme-services-7.2.9/modules/misc/httpd.c:271:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sendq_add(cptr, outbuf, strlen(outbuf));
data/atheme-services-7.2.9/modules/misc/httpd.c:278:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				count = read(in, outbuf, count);
data/atheme-services-7.2.9/modules/misc/httpd.c:318:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sendq_add(cptr, outbuf, strlen(outbuf));
data/atheme-services-7.2.9/modules/nickserv/access.c:43:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) < 9)
data/atheme-services-7.2.9/modules/nickserv/access.c:273:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(mask) >= USERLEN + HOSTLEN)
data/atheme-services-7.2.9/modules/nickserv/enforce.c:527:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prefixlen = strlen(nicksvs.enforce_prefix);
data/atheme-services-7.2.9/modules/nickserv/info.c:245:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(buf) > 80)
data/atheme-services-7.2.9/modules/nickserv/info.c:276:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(buf) > 80)
data/atheme-services-7.2.9/modules/nickserv/register.c:71:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(pass) >= PASSLEN)
data/atheme-services-7.2.9/modules/nickserv/register.c:100:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(account) >= NICKLEN)
data/atheme-services-7.2.9/modules/nickserv/set_password.c:55:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(password) >= PASSLEN)
data/atheme-services-7.2.9/modules/nickserv/set_property.c:97:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(property) > 32 || strlen(value) > 300 || has_ctrl_chars(property))
data/atheme-services-7.2.9/modules/nickserv/set_property.c:97:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(property) > 32 || strlen(value) > 300 || has_ctrl_chars(property))
data/atheme-services-7.2.9/modules/nickserv/setpass.c:74:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(password) >= PASSLEN)
data/atheme-services-7.2.9/modules/operserv/compare.c:91:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (temp >= 5 || strlen(buf) > 300)
data/atheme-services-7.2.9/modules/operserv/compare.c:152:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (temp >= 5 || strlen(buf) > 300)
data/atheme-services-7.2.9/modules/operserv/override.c:142:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += strlen(p) - 1;
data/atheme-services-7.2.9/modules/operserv/sgline.c:213:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(target) > GECOSLEN * 2)
data/atheme-services-7.2.9/modules/protocol/base36uid.c:48:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(new_uid, me.numeric, strlen(me.numeric));
data/atheme-services-7.2.9/modules/protocol/base36uid.c:52:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(me.numeric); i++)
data/atheme-services-7.2.9/modules/protocol/base36uid.c:56:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(me.numeric); i < uindex; i++)
data/atheme-services-7.2.9/modules/protocol/base36uid.c:62:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (i != strlen(me.numeric))	/* Not reached server SID portion yet? */
data/atheme-services-7.2.9/modules/protocol/base36uid.c:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = strlen(me.numeric); i < 9; i++)
data/atheme-services-7.2.9/modules/protocol/charybdis.c:114:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!VALID_GLOBAL_CHANNEL_PFX(value) || strlen(value) > 50)
data/atheme-services-7.2.9/modules/protocol/charybdis.c:290:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const size_t mask_len = strlen(mask);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:192:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const size_t mask_len = strlen(mask);
data/atheme-services-7.2.9/modules/protocol/inspircd.c:277:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!VALID_GLOBAL_CHANNEL_PFX(value) || strlen(value) > 50)
data/atheme-services-7.2.9/modules/protocol/inspircd.c:1447:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = end ? (unsigned int)(end - fpstr) : strlen(fpstr);
data/atheme-services-7.2.9/modules/protocol/nefarious.c:172:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			!strcmp(u->vhost + strlen(u->vhost) - strlen(me.hidehostsuffix), me.hidehostsuffix))
data/atheme-services-7.2.9/modules/protocol/nefarious.c:172:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			!strcmp(u->vhost + strlen(u->vhost) - strlen(me.hidehostsuffix), me.hidehostsuffix))
data/atheme-services-7.2.9/modules/protocol/nefarious.c:617:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(parv[1]) != 1 || (parv[1][0] != 'U' && parc < 3))
data/atheme-services-7.2.9/modules/protocol/ts6-generic.c:75:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (strlen(me.numeric) == 3 && isdigit((unsigned char)*me.numeric))
data/atheme-services-7.2.9/modules/protocol/unreal.c:147:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(value) < 3)
data/atheme-services-7.2.9/modules/protocol/unreal.c:238:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!VALID_GLOBAL_CHANNEL_PFX(value) || strlen(value) > 50)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1023:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ipb64) == 8)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1031:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if (strlen(ipb64) == 24)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1110:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ipb64) == 8)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1118:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if (strlen(ipb64) == 24)
data/atheme-services-7.2.9/modules/protocol/unreal.c:1252:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char mask_len = strlen(mask);
data/atheme-services-7.2.9/modules/protocol/unreal4.c:149:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(value) < 3)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:240:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!VALID_GLOBAL_CHANNEL_PFX(value) || strlen(value) > 50)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1026:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ipb64) == 8)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1034:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if (strlen(ipb64) == 24)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1113:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ipb64) == 8)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1121:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			else if (strlen(ipb64) == 24)
data/atheme-services-7.2.9/modules/protocol/unreal4.c:1255:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char mask_len = strlen(mask);
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:50:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(message) > 255)
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:52:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len -= strlen(message) + 1;
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:56:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	message += strlen(message) + 1;
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:59:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(message) > 255)
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:61:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len -= strlen(message) + 1;
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:65:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	message += strlen(message) + 1;
data/atheme-services-7.2.9/modules/saslserv/authcookie.c:68:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(message) > 255)
data/atheme-services-7.2.9/modules/saslserv/main.c:287:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(smsg->buf);
data/atheme-services-7.2.9/modules/saslserv/main.c:393:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(l + strlen(mptr->name) > buflen)
data/atheme-services-7.2.9/modules/saslserv/main.c:396:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen(mptr->name);
data/atheme-services-7.2.9/modules/saslserv/main.c:398:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l += strlen(mptr->name) + 1;
data/atheme-services-7.2.9/modules/saslserv/main.c:486:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				sasl_write(p->uid, temp, strlen(temp));
data/atheme-services-7.2.9/modules/scripting/perl/api/perl_hooks_extra.h:28:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hv_store(hash, argname, strlen(argname), sv_tmp, 0);
data/atheme-services-7.2.9/modules/transport/jsonrpc/jsonrpclib.c:148:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:303:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = srealloc(hd->replybuf, strlen(hd->replybuf) + strlen(newmessage) + 2);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:303:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = srealloc(hd->replybuf, strlen(hd->replybuf) + strlen(newmessage) + 2);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:304:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = hd->replybuf + strlen(hd->replybuf);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:309:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = smalloc(strlen(newmessage) + 1);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:371:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*accountname != '\0' && strlen(cookie) > 1)
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:483:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*accountname != '\0' && strlen(cookie) > 1)
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:690:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(str);
data/atheme-services-7.2.9/modules/transport/jsonrpc/main.c:700:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sendq_add((connection_t *)conn, buf, strlen(buf));
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:69:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sendq_add(current_cptr, buf1, strlen(buf1));
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:184:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = srealloc(hd->replybuf, strlen(hd->replybuf) + strlen(newmessage) + 2);
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:184:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = srealloc(hd->replybuf, strlen(hd->replybuf) + strlen(newmessage) + 2);
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:185:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = hd->replybuf + strlen(hd->replybuf);
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:190:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		hd->replybuf = smalloc(strlen(newmessage) + 1);
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:374:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*parv[1] != '\0' && strlen(parv[0]) > 1)
data/atheme-services-7.2.9/modules/transport/xmlrpc/main.c:468:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*parv[1] != '\0' && strlen(parv[0]) > 1)
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:330:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, buf, strlen(buf));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:333:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:335:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, buf, strlen(buf));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:337:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:340:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:347:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s2 = smalloc(strlen(header) + len + 1);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:349:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:350:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		xmlrpc.setbuffer(s2, len + strlen(header));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:403:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, buf, strlen(buf));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:409:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:411:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:413:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:418:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:425:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s2 = smalloc(strlen(header) + len + 1);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:427:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:428:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		xmlrpc.setbuffer(s2, len + strlen(header));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:465:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, buf, strlen(buf));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:468:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:471:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:474:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s->append(s, ss, strlen(ss));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:481:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s2 = smalloc(strlen(header) + len + 1);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:483:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(s2 + strlen(header), s->str, len);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:484:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		xmlrpc.setbuffer(s2, len + strlen(header));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:601:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:613:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:757:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s->append(s, buf2, strlen(buf2));
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:782:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(outbuffer, s->str, XMLRPC_BUFSIZE);
data/atheme-services-7.2.9/modules/transport/xmlrpc/xmlrpclib.c:802:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s->append(s, buf2, strlen(buf2));
data/atheme-services-7.2.9/tools/createburst/createburst.c:50:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(new_uid, SID, strlen(SID));
data/atheme-services-7.2.9/tools/createburst/createburst.c:52:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(SID); i++)
data/atheme-services-7.2.9/tools/createburst/createburst.c:56:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(SID); i < uindex; i++)
data/atheme-services-7.2.9/tools/createburst/createburst.c:62:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (i != strlen(SID))	/* Not reached server SID portion yet? */
data/atheme-services-7.2.9/tools/createburst/createburst.c:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = strlen(SID); i < 9; i++)

ANALYSIS SUMMARY:

Hits = 1600
Lines analyzed = 133910 in approximately 3.71 seconds (36103 lines/second)
Physical Source Lines of Code (SLOC) = 93231
Hits@level = [0] 528 [1] 323 [2] 1106 [3]  10 [4] 161 [5]   0
Hits@level+ = [0+] 2128 [1+] 1600 [2+] 1277 [3+] 171 [4+] 161 [5+]   0
Hits/KSLOC@level+ = [0+] 22.825 [1+] 17.1617 [2+] 13.6972 [3+] 1.83415 [4+] 1.72689 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.