Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ax25mail-utils-0.13/axgetlist/calls.c
Examining data/ax25mail-utils-0.13/axgetlist/common.c
Examining data/ax25mail-utils-0.13/axgetlist/calls.h
Examining data/ax25mail-utils-0.13/axgetlist/auth.c
Examining data/ax25mail-utils-0.13/axgetlist/conbbs.h
Examining data/ax25mail-utils-0.13/axgetlist/axgetlist.c
Examining data/ax25mail-utils-0.13/axgetlist/conbbs.c
Examining data/ax25mail-utils-0.13/axgetlist/common.h
Examining data/ax25mail-utils-0.13/axgetlist/auth.h
Examining data/ax25mail-utils-0.13/ulistd/ulistd.c
Examining data/ax25mail-utils-0.13/axgetmail/axgetmsg.c
Examining data/ax25mail-utils-0.13/axgetmail/calls.c
Examining data/ax25mail-utils-0.13/axgetmail/common.c
Examining data/ax25mail-utils-0.13/axgetmail/lzhuf.h
Examining data/ax25mail-utils-0.13/axgetmail/readmsg.h
Examining data/ax25mail-utils-0.13/axgetmail/axgetmail.c
Examining data/ax25mail-utils-0.13/axgetmail/calls.h
Examining data/ax25mail-utils-0.13/axgetmail/getmsg.h
Examining data/ax25mail-utils-0.13/axgetmail/auth.c
Examining data/ax25mail-utils-0.13/axgetmail/lzhuf.c
Examining data/ax25mail-utils-0.13/axgetmail/conbbs.h
Examining data/ax25mail-utils-0.13/axgetmail/conbbs.c
Examining data/ax25mail-utils-0.13/axgetmail/common.h
Examining data/ax25mail-utils-0.13/axgetmail/readmsg.c
Examining data/ax25mail-utils-0.13/axgetmail/auth.h
Examining data/ax25mail-utils-0.13/axgetmail/getmsg.c
Examining data/ax25mail-utils-0.13/routes/update_routes.cc
Examining data/ax25mail-utils-0.13/routes/home_bbs.cc

FINAL RESULTS:

data/ax25mail-utils-0.13/axgetlist/auth.c:50:5:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execlp(AUTH_AGENT, AUTH_AGENT, bbscall, mycall, NULL);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:92:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf(section, "[%s]", bbsname);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:287:47:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         else if (strcasecmp(tag, "TO") == 0) strcpy(dest, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:288:48:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         else if (strcasecmp(tag, "BBS") == 0) strcpy(bbs, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:289:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         else if (strcasecmp(tag, "FROM") == 0) strcpy(src, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:290:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         else if (strcasecmp(tag, "DATE") == 0) strcpy(date, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:292:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         else if (strcasecmp(tag, "SUBJ") == 0) strcpy(subj, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:385:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(result, "%i  %c %6i %-6s@%-6s %-6s %02i%02i%02i %s", msgnum,
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:437:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(s, "%s/%s", LISTPATH, bcall);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:472:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(s, "%s/%s", LISTPATH, bbs);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:557:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(bcall, call_call(bbscall));
data/ax25mail-utils-0.13/axgetlist/common.c:29:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, fmt, argptr);
data/ax25mail-utils-0.13/axgetlist/common.c:69:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c, call_call(call));
data/ax25mail-utils-0.13/axgetlist/common.c:71:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetlist/common.c:71:40:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetlist/common.c:81:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c1, call_call(call1));
data/ax25mail-utils-0.13/axgetlist/common.c:82:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c2, call_call(call2));
data/ax25mail-utils-0.13/axgetlist/conbbs.c:70:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            n = sscanf(buf, "%s %s %i %i %i %s", pname, pcall, &speed,
data/ax25mail-utils-0.13/axgetlist/conbbs.c:74:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(call, pcall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:121:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf(path, "%s %s", mycall, bcall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:157:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(mycall, _mycall); normalize_call(mycall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:158:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(bbspath, _dest);
data/ax25mail-utils-0.13/axgetmail/auth.c:50:5:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execlp(AUTH_AGENT, AUTH_AGENT, bbscall, mycall, NULL);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:61:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(home, pwdentry->pw_dir);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:72:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(name, "%s/%s/%s", user_home, homedir, bbs);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:84:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (p == NULL) {strcpy(bcall, bname); strcpy(bfwd, "*");}
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:88:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(bcall, bname);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:89:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(bfwd, p+1);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:125:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pattern, "[%s", call);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:135:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            sscanf(line, "%s %s", field, value); /* configuration entry */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:136:48:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if (strcmp(field, "HOMEDIR") == 0) strcpy(homedir, value);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:137:48:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if (strcmp(field, "BLTCALL") == 0) strcpy(bltcall, value);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:198:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(bbspath, p);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:199:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(port_name, pname);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:226:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(name, "%s/%s/%s/%i", user_home, homedir, bbs, num);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:228:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(name, "%s/%s/%i", MAIL_PATH, bbs, num);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:270:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(dest_dir, "%s/%s/%s", user_home, homedir, bbscall);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:272:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(dest_dir, "%s/%s", MAIL_PATH, bbscall);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:307:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(name, "%s/%s", LIST_PATH, bbs);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:320:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(line, "%s %s %s %s %s", snum, flags, ssize, dest, fwd) == 5)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:398:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(line, "%s %s", login, call) == 2)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:401:39:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            if (call_ssid(call) == 0) strcat(call, ssid);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:155:11:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      n = fscanf(list, "%s", snum);
data/ax25mail-utils-0.13/axgetmail/common.c:27:29:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    if (level == MSG_ERROR) vfprintf(stderr, fmt, argptr);
data/ax25mail-utils-0.13/axgetmail/common.c:28:29:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                       else vfprintf(stdout, fmt, argptr);
data/ax25mail-utils-0.13/axgetmail/common.c:69:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c, call_call(call));
data/ax25mail-utils-0.13/axgetmail/common.c:71:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetmail/common.c:71:40:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetmail/common.c:81:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c1, call_call(call1));
data/ax25mail-utils-0.13/axgetmail/common.c:82:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(c2, call_call(call2));
data/ax25mail-utils-0.13/axgetmail/conbbs.c:70:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            n = sscanf(buf, "%s %s %i %i %i %s", pname, pcall, &speed,
data/ax25mail-utils-0.13/axgetmail/conbbs.c:74:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(call, pcall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:121:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf(path, "%s %s", mycall, bcall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:157:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(mycall, _mycall); normalize_call(mycall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:158:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(bbspath, _dest);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:41:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fname, "%s/%i", dest_dir, num);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:101:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(prg_name, _prg_name);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:114:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dest_dir, destdir);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:129:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(curr_call, mycall);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:133:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(bbs_call, dest); normalize_call(bbs_call);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:157:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(_subj, subj);
data/ax25mail-utils-0.13/routes/home_bbs.cc:34:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(call, src.call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:35:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(route, src.route);
data/ax25mail-utils-0.13/routes/home_bbs.cc:76:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        int n = sscanf(line, "%s %s %i %i %li", call, route, &count, &pcount, &ttime);
data/ax25mail-utils-0.13/routes/home_bbs.cc:100:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:101:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/home_bbs.cc:128:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:129:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:37:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(call, src.call);
data/ax25mail-utils-0.13/routes/update_routes.cc:38:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(route, src.route);
data/ax25mail-utils-0.13/routes/update_routes.cc:67:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/update_routes.cc:68:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:96:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/update_routes.cc:97:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:126:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        int n = sscanf(line, "%s %s %i %i %li", call, route, &count, &pcount, &ttime);
data/ax25mail-utils-0.13/routes/update_routes.cc:146:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fname, "%s/%s/%i", MAIL_PATH, bbs, num);
data/ax25mail-utils-0.13/routes/update_routes.cc:155:42:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        if (strncmp(line, "R:", 2) == 0) strcpy(rline, line);
data/ax25mail-utils-0.13/routes/update_routes.cc:189:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fname, "%s/%s", LIST_PATH, bbs);
data/ax25mail-utils-0.13/routes/update_routes.cc:213:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            sscanf(line, "%i %s %s %s %s %s", &num, flags, size, dest, from, zfrom);
data/ax25mail-utils-0.13/routes/update_routes.cc:214:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if (from[0] == '@') strcpy(from, zfrom);
data/ax25mail-utils-0.13/ulistd/ulistd.c:350:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  r = system(cmd);
data/ax25mail-utils-0.13/ulistd/ulistd.c:373:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  r = system(cmd);
data/ax25mail-utils-0.13/ulistd/ulistd.c:420:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(path, "%s %s", mycall,bbs->port);
data/ax25mail-utils-0.13/ulistd/ulistd.c:649:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(to_call, ax25_ntoa((ax25_address *)buffer));
data/ax25mail-utils-0.13/ulistd/ulistd.c:650:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(from_call, ax25_ntoa((ax25_address *)(buffer+CALL_OFS)));
data/ax25mail-utils-0.13/ulistd/ulistd.c:653:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(to_call, ax25_ntoa((ax25_address *)data));
data/ax25mail-utils-0.13/ulistd/ulistd.c:654:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(from_call, ax25_ntoa((ax25_address *)(data+CALL_OFS)));
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:539:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt(argc, argv, "b:s:hv")) != -1)
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:65:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt(argc, argv, "p:c:b:f:d:vD")) != -1)
data/ax25mail-utils-0.13/ulistd/ulistd.c:569:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt(argc, argv, "c:nlgm:vh")) != -1){
data/ax25mail-utils-0.13/axgetlist/auth.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZE];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:45:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mycall[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:46:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbscall[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbsport[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:48:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmd_list[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmd_from[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:50:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmd_disc[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char format[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:53:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char datefmt[16];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *month[12];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char field[30];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:81:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(CONFIG_FILE, "r");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dest[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:245:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bbs[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char src[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:247:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char date[8];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subj[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dd[8], dm[8], dy[8];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:255:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:283:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         if (strcasecmp(tag, "NUM") == 0) msgnum = atoi(value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:286:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         else if (strcasecmp(tag, "SIZE") == 0) size = atoi(value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:313:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char pos[1024];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:324:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         position = atoi(pos);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:337:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dd, "00"); sprintf(dm, "00");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:337:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dd, "00"); sprintf(dm, "00");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:371:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(dm, "%i", i+1);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:391:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                               atoi(dy),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:392:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                               atoi(dm),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:393:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                               atoi(dd),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:434:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:438:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(s, "r");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:453:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(s, "w");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:473:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(s, "a");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:496:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char snum[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:497:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(snum, "%i", from);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:528:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bcall[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/ax25mail-utils-0.13/axgetlist/common.c:39:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (*p) return atoi(p);
data/ax25mail-utils-0.13/axgetlist/common.c:45:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char s[15];
data/ax25mail-utils-0.13/axgetlist/common.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c[8];
data/ax25mail-utils-0.13/axgetlist/common.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c1[15];
data/ax25mail-utils-0.13/axgetlist/common.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c2[15];
data/ax25mail-utils-0.13/axgetlist/conbbs.c:37:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mycall[20];            /* my callsign */
data/ax25mail-utils-0.13/axgetlist/conbbs.c:38:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbscall[20];           /* BBS callsign */
data/ax25mail-utils-0.13/axgetlist/conbbs.c:39:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bcall[20];             /* Base callsign of port */
data/ax25mail-utils-0.13/axgetlist/conbbs.c:40:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbspath[256];          /* path to BBS */
data/ax25mail-utils-0.13/axgetlist/conbbs.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/ax25mail-utils-0.13/axgetlist/conbbs.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char descript[256];
data/ax25mail-utils-0.13/axgetlist/conbbs.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pname[256];
data/ax25mail-utils-0.13/axgetlist/conbbs.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pcall[256];
data/ax25mail-utils-0.13/axgetlist/conbbs.c:60:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(AXPORTS, "r");
data/ax25mail-utils-0.13/axgetlist/conbbs.c:110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char path[256];
data/ax25mail-utils-0.13/axgetmail/auth.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZE];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:42:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbscall[256];          /* BBS callsign (from cmdline) */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:43:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_home[256];        /* user's home dir ($HOME) */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:46:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bltcall[20];           /* callsign for bulletins */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char homedir[256];          /* home directory of LinPac ($HOME/homedir) */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:50:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char port_name[256];        /* port name */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:51:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbspath[256];          /* connect path to BBS */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bulletin[MAX_BLTNS][20]; /* bulletin names */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bcall[35];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bfwd[20];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pattern[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pname[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char field[30];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[64];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:117:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(CONFIG_FILE, "r");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest_dir[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char snum[20];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:294:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char flags[5];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ssize[20];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dest[35];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fwd[20];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:308:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(name, "r");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:336:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (!check_download(atoi(snum), dest, fwd, priv, call)) break; /* download problems - break */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:382:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(AX25_CALLS, "r"); /* read callsigns and logins */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char call[30];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssid[5];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char login[256];
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:390:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ssid, "-%i", perssid);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:26:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mycall[20];            /* my callsign */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbscall[20];           /* BBS callsign */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbspath[256];          /* path to BBS */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:30:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char port_name[32];         /* port name */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:31:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dest_dir[256];         /* destination directory */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:32:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char listfile[256];         /* name of the list file */
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:141:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    list = fopen(listfile, "r");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:149:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char snum[256];
data/ax25mail-utils-0.13/axgetmail/common.c:39:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (*p) return atoi(p);
data/ax25mail-utils-0.13/axgetmail/common.c:45:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char s[15];
data/ax25mail-utils-0.13/axgetmail/common.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c[8];
data/ax25mail-utils-0.13/axgetmail/common.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c1[15];
data/ax25mail-utils-0.13/axgetmail/common.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c2[15];
data/ax25mail-utils-0.13/axgetmail/conbbs.c:37:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mycall[20];            /* my callsign */
data/ax25mail-utils-0.13/axgetmail/conbbs.c:38:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbscall[20];           /* BBS callsign */
data/ax25mail-utils-0.13/axgetmail/conbbs.c:39:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bcall[20];             /* Base callsign of port */
data/ax25mail-utils-0.13/axgetmail/conbbs.c:40:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bbspath[256];          /* path to BBS */
data/ax25mail-utils-0.13/axgetmail/conbbs.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/ax25mail-utils-0.13/axgetmail/conbbs.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char descript[256];
data/ax25mail-utils-0.13/axgetmail/conbbs.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pname[256];
data/ax25mail-utils-0.13/axgetmail/conbbs.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pcall[256];
data/ax25mail-utils-0.13/axgetmail/conbbs.c:60:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(AXPORTS, "r");
data/ax25mail-utils-0.13/axgetmail/conbbs.c:110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char path[256];
data/ax25mail-utils-0.13/axgetmail/getmsg.c:31:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dest_dir[256];         /* destination directory */
data/ax25mail-utils-0.13/axgetmail/getmsg.c:32:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char prg_name[256];         /* program name (for tag) */
data/ax25mail-utils-0.13/axgetmail/getmsg.c:33:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char curr_call[20];         /* currently used callsign */
data/ax25mail-utils-0.13/axgetmail/getmsg.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[256];
data/ax25mail-utils-0.13/axgetmail/getmsg.c:45:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(fname, "w");
data/ax25mail-utils-0.13/axgetmail/getmsg.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subj[256];
data/ax25mail-utils-0.13/axgetmail/getmsg.c:111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bbs_call[255];
data/ax25mail-utils-0.13/axgetmail/lzhuf.c:96:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char p_len[64] = {
data/ax25mail-utils-0.13/axgetmail/lzhuf.c:107:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char p_code[64] = {
data/ax25mail-utils-0.13/axgetmail/lzhuf.c:119:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char d_code[256] = {
data/ax25mail-utils-0.13/axgetmail/lzhuf.c:154:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char d_len[256] = {
data/ax25mail-utils-0.13/axgetmail/readmsg.c:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ofset[7];
data/ax25mail-utils-0.13/axgetmail/readmsg.c:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subj[256];
data/ax25mail-utils-0.13/axgetmail/readmsg.c:166:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
     strcpy(_subj, "Message is inaccessible");
data/ax25mail-utils-0.13/routes/home_bbs.cc:22:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char call[10];
data/ax25mail-utils-0.13/routes/home_bbs.cc:23:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char route[36];
data/ax25mail-utils-0.13/routes/home_bbs.cc:62:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(OUT_FILE, "r");
data/ax25mail-utils-0.13/routes/home_bbs.cc:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/ax25mail-utils-0.13/routes/home_bbs.cc:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char call[256];
data/ax25mail-utils-0.13/routes/home_bbs.cc:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char route[256];
data/ax25mail-utils-0.13/routes/home_bbs.cc:206:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(OUT_FILE, "w");
data/ax25mail-utils-0.13/routes/update_routes.cc:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char call[10];
data/ax25mail-utils-0.13/routes/update_routes.cc:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char route[36];
data/ax25mail-utils-0.13/routes/update_routes.cc:112:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(OUT_FILE, "r");
data/ax25mail-utils-0.13/routes/update_routes.cc:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char call[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char route[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256], rline[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:147:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(fname, "r");
data/ax25mail-utils-0.13/routes/update_routes.cc:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bbs[35];
data/ax25mail-utils-0.13/routes/update_routes.cc:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[1024];
data/ax25mail-utils-0.13/routes/update_routes.cc:190:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(fname, "r");
data/ax25mail-utils-0.13/routes/update_routes.cc:199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char route[256];
data/ax25mail-utils-0.13/routes/update_routes.cc:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char flags[10];
data/ax25mail-utils-0.13/routes/update_routes.cc:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size[20];
data/ax25mail-utils-0.13/routes/update_routes.cc:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[36];
data/ax25mail-utils-0.13/routes/update_routes.cc:204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char from[10];
data/ax25mail-utils-0.13/routes/update_routes.cc:205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zfrom[10];
data/ax25mail-utils-0.13/routes/update_routes.cc:244:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(OUT_FILE, "w");
data/ax25mail-utils-0.13/ulistd/ulistd.c:139:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mycall[20];             /* my callsign */
data/ax25mail-utils-0.13/ulistd/ulistd.c:156:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if(!atoi(p+1)) *p='\0';
data/ax25mail-utils-0.13/ulistd/ulistd.c:164:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char s[7];
data/ax25mail-utils-0.13/ulistd/ulistd.c:191:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256],*port=NULL;
data/ax25mail-utils-0.13/ulistd/ulistd.c:194:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if(!(config=fopen(CONFIG,"r"))) return(0);;
data/ax25mail-utils-0.13/ulistd/ulistd.c:244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256];
data/ax25mail-utils-0.13/ulistd/ulistd.c:249:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((f=fopen(s,"r"))){
data/ax25mail-utils-0.13/ulistd/ulistd.c:254:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(!(f=fopen(s,"w"))){
data/ax25mail-utils-0.13/ulistd/ulistd.c:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[256];
data/ax25mail-utils-0.13/ulistd/ulistd.c:269:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(s, "a");
data/ax25mail-utils-0.13/ulistd/ulistd.c:343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[1024];
data/ax25mail-utils-0.13/ulistd/ulistd.c:363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[1024];
data/ax25mail-utils-0.13/ulistd/ulistd.c:392:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[30];
data/ax25mail-utils-0.13/ulistd/ulistd.c:393:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[30];
data/ax25mail-utils-0.13/ulistd/ulistd.c:414:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,"? %08X%02X",bbs->last,sum&0xFF);
data/ax25mail-utils-0.13/ulistd/ulistd.c:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s1[256], s2[256];
data/ax25mail-utils-0.13/ulistd/ulistd.c:475:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char s[20];
data/ax25mail-utils-0.13/ulistd/ulistd.c:476:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(s, "%i  !", msgnum);
data/ax25mail-utils-0.13/ulistd/ulistd.c:556:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[1024],*p,*l;
data/ax25mail-utils-0.13/ulistd/ulistd.c:565:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char from_call[20];
data/ax25mail-utils-0.13/ulistd/ulistd.c:566:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char to_call[20];
data/ax25mail-utils-0.13/ulistd/ulistd.c:575:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       case 'm': minmsg = atoi(optarg); break;
data/ax25mail-utils-0.13/axgetlist/auth.c:67:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      r1 = read(pipe_in[0], buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetlist/auth.c:81:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        r2 = read(descin, buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:37:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:37:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:38:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLNCR(x) if (x[strlen(x)-1] == '\r') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:38:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLNCR(x) if (x[strlen(x)-1] == '\r') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:69:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(mycall, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:70:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(bbscall, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:71:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(bbsport, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:72:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(cmd_list, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:73:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(cmd_from, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:74:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(cmd_disc, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:76:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(format, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:77:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(datefmt, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:91:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     section = (char *) malloc((strlen(bbsname)+3)*sizeof(char));
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:96:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy(line, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:114:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:125:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy(field, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:127:42:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            while (*p && !isspace(*p)) { strncat(field, p, 1); p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:130:47:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "MYCALL") == 0) strncpy(mycall, p, 31);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:131:48:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "BBSCALL") == 0) strncpy(bbscall, p, 31);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:132:48:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "BBSPORT") == 0) strncpy(bbsport, p, 31);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:133:49:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "CMD_LIST") == 0) strncpy(cmd_list, p, 255);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:134:54:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "CMD_LIST_FROM") == 0) strncpy(cmd_from, p, 255);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:135:49:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "CMD_DISC") == 0) strncpy(cmd_disc, p, 255);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:142:47:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "FORMAT") == 0) strncpy(format, p, 255);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:143:48:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            if (strcmp(field, "DATEFMT") == 0) strncpy(datefmt, p, 15);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:170:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mycall) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:176:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(bbscall) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:182:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(bbscall) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:188:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd_list) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:194:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd_from) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:200:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd_disc) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:212:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:218:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(datefmt) == 0)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:269:10:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
         strcpy(value, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:273:15:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
              strncat(value, q, 1); /* copy the rest */
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:279:15:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
              strncat(value, q, 1);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:285:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
           if (strlen(value) >= bpfpos) flag = value[bpfpos-1]; else flag = '#';
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:300:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
       else strncat(tag, p, 1);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:309:10:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
         strcpy(tag, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:317:10:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
         strcpy(pos, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:319:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         while (*p && isdigit(*p) && strlen(pos) < 1022)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:345:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(dd, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:348:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
       { strncat(dd, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:354:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(dm, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:357:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
       { strncat(dm, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:364:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(dm, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:367:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
       { strncat(dm, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:379:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(dy, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:382:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
       { strncat(dy, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:418:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    do ch = fgetc(stream); while (ch == EOF && (errno == EINTR || errno == EAGAIN));
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:517:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  do ch = fgetc(stream); while (ch != -1 || errno != ENOTCONN);
data/ax25mail-utils-0.13/axgetlist/common.c:47:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(s, "");
data/ax25mail-utils-0.13/axgetlist/common.c:48:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetlist/common.c:48:47:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetlist/common.c:92:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch = fgetc(f);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:64:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "");
data/ax25mail-utils-0.13/axgetlist/conbbs.c:67:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(buf) != 0 && buf[0] != '#')
data/ax25mail-utils-0.13/axgetmail/auth.c:67:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      r1 = read(pipe_in[0], buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetmail/auth.c:81:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        r2 = read(descin, buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:40:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:40:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:84:41:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  if (p == NULL) {strcpy(bcall, bname); strcpy(bfwd, "*");}
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:112:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(bltcall, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:113:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(homedir, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:128:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:155:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (strncasecmp(line, pattern, strlen(pattern)) == 0 &&
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:156:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (line[strlen(pattern)] == '-' || line[strlen(pattern)] == ']'))
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:156:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (line[strlen(pattern)] == '-' || line[strlen(pattern)] == ']'))
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:165:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(homedir) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:171:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(bltcall) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:205:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(bulletin[num_bulletins], "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:209:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(bulletin[num_bulletins]) > 0 &&
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:317:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:329:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(fwd, p+1, 9);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:333:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (fwd[0] == '@') memmove(fwd, fwd+1, strlen(fwd));
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:334:18:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            else strcpy(fwd, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:358:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(bbscall, argv[1], 19);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:394:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:39:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(value) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:59:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(port_name, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:60:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(mycall, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:61:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(bbspath, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:62:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(listfile, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:63:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(dest_dir, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:68:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      case 'p': strncpy(port_name, optarg, 31);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:70:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      case 'c': strncpy(mycall, optarg, 19);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:73:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      case 'b': strncpy(bbspath, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:75:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      case 'f': strncpy(listfile, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:77:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      case 'd': strncpy(dest_dir, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:91:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dest_dir) == 0) strcpy(dest_dir, ".");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:91:30:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  if (strlen(dest_dir) == 0) strcpy(dest_dir, ".");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:100:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(listfile) == 0)
data/ax25mail-utils-0.13/axgetmail/common.c:47:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(s, "");
data/ax25mail-utils-0.13/axgetmail/common.c:48:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetmail/common.c:48:47:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetmail/common.c:92:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch = fgetc(f);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:64:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "");
data/ax25mail-utils-0.13/axgetmail/conbbs.c:67:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(buf) != 0 && buf[0] != '#')
data/ax25mail-utils-0.13/axgetmail/readmsg.c:71:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(title, "");
data/ax25mail-utils-0.13/axgetmail/readmsg.c:76:20:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    if (ch != NUL) strncat(title, (char *)&c, 1);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:82:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy((char *)ofset, "");
data/ax25mail-utils-0.13/axgetmail/readmsg.c:87:20:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    if (ch != NUL) strncat((char *)ofset, (char *)&c, 1);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:165:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     *_len = strlen(error_msg);
data/ax25mail-utils-0.13/routes/home_bbs.cc:44:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(call, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:45:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(route, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:73:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:79:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newaddr.call, call, 10);
data/ax25mail-utils-0.13/routes/home_bbs.cc:80:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newaddr.route, route, 35);
data/ax25mail-utils-0.13/routes/update_routes.cc:47:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(call, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:48:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(route, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:123:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:129:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newaddr.call, call, 10);
data/ax25mail-utils-0.13/routes/update_routes.cc:130:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newaddr.route, route, 35);
data/ax25mail-utils-0.13/routes/update_routes.cc:150:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(rline, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:186:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(bbs, bbsname, 34);
data/ax25mail-utils-0.13/routes/update_routes.cc:208:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:211:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(line) > 0)
data/ax25mail-utils-0.13/ulistd/ulistd.c:197:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((*s!='#')&&(strlen(s))){
data/ax25mail-utils-0.13/ulistd/ulistd.c:432:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (sendto(s, msg, strlen(msg), 0, (struct sockaddr *)&addr, len) == -1)
data/ax25mail-utils-0.13/ulistd/ulistd.c:460:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  n=sscanf(line,"%i %255s %255s",&msgnum,s1,s2);
data/ax25mail-utils-0.13/ulistd/ulistd.c:571:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
       case 'c': strncpy(mycall, optarg, 15); break;
data/ax25mail-utils-0.13/ulistd/ulistd.c:592:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mycall) == 0){

ANALYSIS SUMMARY:

Hits = 390
Lines analyzed = 4754 in approximately 0.20 seconds (24065 lines/second)
Physical Source Lines of Code (SLOC) = 3641
Hits@level = [0]  61 [1] 124 [2] 176 [3]   3 [4]  87 [5]   0
Hits@level+ = [0+] 451 [1+] 390 [2+] 266 [3+]  90 [4+]  87 [5+]   0
Hits/KSLOC@level+ = [0+] 123.867 [1+] 107.113 [2+] 73.0569 [3+] 24.7185 [4+] 23.8945 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.