Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/axmail-2.11.1/mbox.c
Examining data/axmail-2.11.1/lock.h
Examining data/axmail-2.11.1/axmail.h
Examining data/axmail-2.11.1/setpwnam.h
Examining data/axmail-2.11.1/head.c
Examining data/axmail-2.11.1/head.h
Examining data/axmail-2.11.1/mbox.h
Examining data/axmail-2.11.1/mailcmd.h
Examining data/axmail-2.11.1/config.h
Examining data/axmail-2.11.1/lock.c
Examining data/axmail-2.11.1/axmail.c
Examining data/axmail-2.11.1/adduser.h
Examining data/axmail-2.11.1/adduser.c
Examining data/axmail-2.11.1/quit.c
Examining data/axmail-2.11.1/setpwnam.c
Examining data/axmail-2.11.1/quit.h
Examining data/axmail-2.11.1/config.c
Examining data/axmail-2.11.1/command.h
Examining data/axmail-2.11.1/command.c
Examining data/axmail-2.11.1/utils.c
Examining data/axmail-2.11.1/mailcmd.c
Examining data/axmail-2.11.1/utils.h
Examining data/axmail-2.11.1/defines.h

FINAL RESULTS:

data/axmail-2.11.1/adduser.c:136:6: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown(p, uid, user_gid);

data/axmail-2.11.1/adduser.c:137:6: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(p, S_IRUSR|S_IWUSR|S_IXUSR);

data/axmail-2.11.1/adduser.c:186:3: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown(USERPROFILE, uid, user_gid);

data/axmail-2.11.1/setpwnam.c:82:9: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown (PTMP_FILE, (uid_t) 0, (gid_t) 0) < 0)

data/axmail-2.11.1/adduser.c:46:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(passw, crypt(passi, "ax")); /* Okay, salt _should_ be random... */

data/axmail-2.11.1/adduser.c:46:16: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  strcpy(passw, crypt(passi, "ax")); /* Okay, salt _should_ be random... */

data/axmail-2.11.1/adduser.c:70:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(homedir, "%s/%s", def_homedir, newuser);

data/axmail-2.11.1/adduser.c:71:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userdir, homedir);

data/axmail-2.11.1/adduser.c:77:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, newuser);

data/axmail-2.11.1/adduser.c:191:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -oem %s@%s < %s", BIN_AXMAIL_SENDMAIL, newuser, hostname, WELCOME);

data/axmail-2.11.1/adduser.c:192:17: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/axmail.c:170:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(callsign, call);

data/axmail-2.11.1/axmail.c:171:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(username, callsign);

data/axmail-2.11.1/axmail.c:197:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(username, pw->pw_name);

data/axmail-2.11.1/axmail.c:198:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(callsign, username);

data/axmail-2.11.1/axmail.c:202:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, pw->pw_gecos);

data/axmail-2.11.1/axmail.c:204:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, strtok(pw->pw_gecos, ","));

data/axmail-2.11.1/axmail.c:218:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(axhome, "%s/%s", def_homedir, username);

data/axmail-2.11.1/axmail.c:229:38: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  if (strcmp(pw->pw_passwd, (char *)crypt(pass, salt))) {

data/axmail-2.11.1/command.c:58:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, name);

data/axmail-2.11.1/command.c:77:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(forward, "%s/.forward", homedir);

data/axmail-2.11.1/command.c:102:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(signature, "%s/.signature", homedir);

data/axmail-2.11.1/command.c:136:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fname, DATA_AXMAIL_HELP_DIR);

data/axmail-2.11.1/command.c:146:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fname, argv[1]);

data/axmail-2.11.1/config.c:243:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/mail", homedir);

data/axmail-2.11.1/config.c:246:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/axM%05d", maildir, pid);

data/axmail-2.11.1/config.c:248:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/axnewM%05d", maildir, pid);

data/axmail-2.11.1/config.c:250:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/axE%05d", maildir, pid);

data/axmail-2.11.1/config.c:252:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/axT%05d", maildir, pid);

data/axmail-2.11.1/config.c:255:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s/mbox", homedir);

data/axmail-2.11.1/config.c:258:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pat, "%s%s", DATA_AXMAIL_MAIL_DIR, username);

data/axmail-2.11.1/mailcmd.c:124:26: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:125:26: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/mailcmd.c:347:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"%s/.signature", homedir);

data/axmail-2.11.1/mailcmd.c:397:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -N success,delay,failure -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:398:4: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/mailcmd.c:401:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:402:4: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/mailcmd.c:536:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"%s/.signature", homedir);

data/axmail-2.11.1/mailcmd.c:585:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -N success,delay,failure -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:586:25: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/mailcmd.c:589:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:590:25: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/mailcmd.c:827:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s -oem -t < %s", BIN_AXMAIL_SENDMAIL, tempMesg);

data/axmail-2.11.1/mailcmd.c:828:17: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(str);

data/axmail-2.11.1/quit.c:173:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (status) sprintf(buf, "Status: %s\n", status);

data/axmail-2.11.1/quit.c:177:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (status) sprintf(buf, "Status: %s\n", status);

data/axmail-2.11.1/setpwnam.c:162:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dup, str);

data/axmail-2.11.1/utils.c:30:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(forward, email);

data/axmail-2.11.1/utils.c:38:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(signature, email);

data/axmail-2.11.1/utils.c:74:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(uname, nam);

data/axmail-2.11.1/utils.c:151:2: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(fmt, args);

data/axmail-2.11.1/utils.c:153:2: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(LOG_NOTICE, fmt, args);

data/axmail-2.11.1/utils.c:168:2: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(fmt, args);

data/axmail-2.11.1/adduser.c:26:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passi[12];

data/axmail-2.11.1/adduser.c:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[256], userdir[256];

data/axmail-2.11.1/adduser.c:57:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/axmail-2.11.1/adduser.c:58:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subdir[4];

data/axmail-2.11.1/adduser.c:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passw[20];

data/axmail-2.11.1/adduser.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[LINESIZE + 1];

data/axmail-2.11.1/adduser.c:92:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd_l = open(LOCK_AXMAIL_FILE, O_CREAT | O_APPEND, S_IRUSR | S_IWUSR);

data/axmail-2.11.1/adduser.c:151:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(PASSWDFILE, "a+");

data/axmail-2.11.1/adduser.c:173:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd_a = open(CONF_AXMAIL_PROF_FILE, O_RDONLY);

data/axmail-2.11.1/adduser.c:177:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd_b = open(USERPROFILE, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR|S_IXUSR);

data/axmail-2.11.1/axmail.c:130:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[32];

data/axmail-2.11.1/axmail.c:162:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pass[13], salt[3];

data/axmail-2.11.1/axmail.c:164:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char axhome[64];

data/axmail-2.11.1/command.c:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];

data/axmail-2.11.1/command.c:71:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fwd[79];

data/axmail-2.11.1/command.c:72:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char forward[79];

data/axmail-2.11.1/command.c:79:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fptr = fopen(fwdfile, "w+");

data/axmail-2.11.1/command.c:96:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sig[79];

data/axmail-2.11.1/command.c:97:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature[79];

data/axmail-2.11.1/command.c:104:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fptr = fopen(sigfile, "w+");

data/axmail-2.11.1/command.c:120:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80], line[256];

data/axmail-2.11.1/command.c:138:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fname, "info.hlp");

data/axmail-2.11.1/command.c:142:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fname, "help.hlp");

data/axmail-2.11.1/command.c:147:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fname, ".hlp");

data/axmail-2.11.1/command.c:150:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(fname, "r")) == NULL) {

data/axmail-2.11.1/config.c:19:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char callsign[20];

data/axmail-2.11.1/config.c:20:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[20];

data/axmail-2.11.1/config.c:21:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[31];

data/axmail-2.11.1/config.c:119:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_gid = atoi(argv[1]);

data/axmail-2.11.1/config.c:151:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  first_uid = atoi(argv[1]);

data/axmail-2.11.1/config.c:159:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  last_uid = atol(argv[1]);

data/axmail-2.11.1/config.c:167:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  IdleTimeout = atol(argv[1]);

data/axmail-2.11.1/config.c:237:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pat[PATHSIZE];

data/axmail-2.11.1/config.c:276:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];

data/axmail-2.11.1/config.c:279:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(CONF_AXMAIL_FILE, "r")) == NULL) {

data/axmail-2.11.1/config.h:7:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char callsign[20];

data/axmail-2.11.1/config.h:8:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char username[20];

data/axmail-2.11.1/config.h:9:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char fullname[31];

data/axmail-2.11.1/config.h:10:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char forward[79];

data/axmail-2.11.1/config.h:37:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char mboxname[PATHSIZE];

data/axmail-2.11.1/head.c:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parbuf[LINESIZE];

data/axmail-2.11.1/head.c:71:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[LINESIZE];

data/axmail-2.11.1/mailcmd.c:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *myargv[64];

data/axmail-2.11.1/mailcmd.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2000];

data/axmail-2.11.1/mailcmd.c:64:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str [LINESIZE + 1];

data/axmail-2.11.1/mailcmd.c:85:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(myargv[1], "echo");

data/axmail-2.11.1/mailcmd.c:86:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(myargv[1], "%i", current);

data/axmail-2.11.1/mailcmd.c:91:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msg = atoi(myargv[i]);

data/axmail-2.11.1/mailcmd.c:95:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxmsg = atoi(++tmpbuf);

data/axmail-2.11.1/mailcmd.c:111:37: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(tempMesg, "w");

data/axmail-2.11.1/mailcmd.c:145:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[LINESIZE + 1];

data/axmail-2.11.1/mailcmd.c:146:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[LINESIZE + 1];

data/axmail-2.11.1/mailcmd.c:147:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bcc[LINESIZE + 1];

data/axmail-2.11.1/mailcmd.c:161:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(argv[0]);

data/axmail-2.11.1/mailcmd.c:172:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(tempMesg, "w")) == NULL) {

data/axmail-2.11.1/mailcmd.c:342:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[79 + 1];

data/axmail-2.11.1/mailcmd.c:343:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufferr[50 + 1];

data/axmail-2.11.1/mailcmd.c:348:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bufferr,"/etc/clamsmtpd.conf");

data/axmail-2.11.1/mailcmd.c:349:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream = fopen(buffer, "r");

data/axmail-2.11.1/mailcmd.c:350:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  streamm = fopen(bufferr, "r");

data/axmail-2.11.1/mailcmd.c:424:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[LINESIZE + 1];

data/axmail-2.11.1/mailcmd.c:438:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(argv[0]);

data/axmail-2.11.1/mailcmd.c:449:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(tempMesg, "w")) == NULL) {

data/axmail-2.11.1/mailcmd.c:531:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[79 + 1]; data/axmail-2.11.1/mailcmd.c:532:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufferr[50 + 1]; data/axmail-2.11.1/mailcmd.c:537:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufferr,"/etc/clamsmtpd.conf"); data/axmail-2.11.1/mailcmd.c:538:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen(buffer, "r"); data/axmail-2.11.1/mailcmd.c:539:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). streamm = fopen(bufferr, "r"); data/axmail-2.11.1/mailcmd.c:610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *myargv[64]; data/axmail-2.11.1/mailcmd.c:631:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(myargv[1], "%i", current); data/axmail-2.11.1/mailcmd.c:635:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msg = atoi(myargv[i]) - 1; data/axmail-2.11.1/mailcmd.c:670:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *myargv[64]; data/axmail-2.11.1/mailcmd.c:691:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(myargv[1], "%i", current); data/axmail-2.11.1/mailcmd.c:695:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msg = atoi(myargv[i]) - 1; data/axmail-2.11.1/mailcmd.c:729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[LINESIZE + 1]; data/axmail-2.11.1/mailcmd.c:743:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
i = atoi(argv[1]); data/axmail-2.11.1/mailcmd.c:754:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(tempMesg, "w")) == NULL) { data/axmail-2.11.1/mbox.c:55:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = open(file, O_CREAT|O_EXCL|O_RDWR, 0600)) < 0) data/axmail-2.11.1/mbox.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINESIZE]; data/axmail-2.11.1/mbox.c:120:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mbox = fopen(tempMail, "w")) == NULL) data/axmail-2.11.1/mbox.c:124:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ibuf = fopen(userbox, "r")) == NULL) goto sysbox; data/axmail-2.11.1/mbox.c:158:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((ibuf = fopen(mailbox, "r")) == NULL) goto rdexit; data/axmail-2.11.1/mbox.c:201:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mbox = fopen(tempMail, "r")) == NULL) data/axmail-2.11.1/mbox.c:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINESIZE]; data/axmail-2.11.1/mbox.c:301:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mbox = fopen(tempMail, "r")) == NULL) { data/axmail-2.11.1/quit.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINESIZE]; data/axmail-2.11.1/quit.c:49:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mb = fopen(mailbox, "r"); data/axmail-2.11.1/quit.c:75:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((nm = fopen(tempNewMail, "w+")) == NULL) data/axmail-2.11.1/quit.c:89:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmp = fopen(tempMail, "r")) == NULL) data/axmail-2.11.1/quit.c:95:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ub = fopen(userbox, "w")) == NULL) { data/axmail-2.11.1/quit.c:220:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mb = fopen(mailbox, "r"); data/axmail-2.11.1/setpwnam.c:64:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (PTMPTMP_FILE, O_WRONLY|O_CREAT, 0644); data/axmail-2.11.1/utils.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char email[79]; data/axmail-2.11.1/utils.c:36:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char email[79]; data/axmail-2.11.1/utils.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nam[81]; data/axmail-2.11.1/utils.h:15:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char callsign[20]; data/axmail-2.11.1/adduser.c:36:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(passi) > 8) || (strlen(passi) < 6)) { data/axmail-2.11.1/adduser.c:36:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(passi) > 8) || (strlen(passi) < 6)) { data/axmail-2.11.1/adduser.c:68:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(subdir, newuser, 3); data/axmail-2.11.1/adduser.c:75:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fullname) == 0) { data/axmail-2.11.1/adduser.c:83:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
case 0: strcpy(passw, "*"); data/axmail-2.11.1/adduser.c:87:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. case 2: strcpy(passw, ""); /* Yuck! */ data/axmail-2.11.1/adduser.c:182:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( (cnt = read(fd_a, &buf, sizeof(buf))) > 0 ) data/axmail-2.11.1/axmail.c:136:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(cmdp->name, argv[0], strlen(argv[0])) == 0) data/axmail-2.11.1/axmail.c:227:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(salt, pw->pw_passwd, 2); data/axmail-2.11.1/command.c:55:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 0) data/axmail-2.11.1/config.c:240:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(077); data/axmail-2.11.1/mailcmd.c:113:33: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, dot->from, LINESIZE); data/axmail-2.11.1/mailcmd.c:119:33: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, dot->subj, LINESIZE); data/axmail-2.11.1/mailcmd.c:184:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(str, " "); data/axmail-2.11.1/mailcmd.c:185:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mailcmd.c:185:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mailcmd.c:189:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, dot->from, LINESIZE); data/axmail-2.11.1/mailcmd.c:345:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read; data/axmail-2.11.1/mailcmd.c:461:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(str, " "); data/axmail-2.11.1/mailcmd.c:462:25: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mailcmd.c:462:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mailcmd.c:466:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, dot->from, LINESIZE); data/axmail-2.11.1/mailcmd.c:534:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read; data/axmail-2.11.1/mailcmd.c:766:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(str, " "); data/axmail-2.11.1/mailcmd.c:767:25: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mailcmd.c:767:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(str, argv[i], LINESIZE - strlen(str)); data/axmail-2.11.1/mbox.c:76:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fileno(f), (char *) message, size) != size) data/axmail-2.11.1/mbox.c:149:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(buf); data/axmail-2.11.1/mbox.c:183:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
count = strlen(buf); data/axmail-2.11.1/mbox.c:214:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(buf); data/axmail-2.11.1/quit.c:81:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(buf); data/axmail-2.11.1/quit.c:100:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(buf); data/axmail-2.11.1/quit.c:109:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(buf); data/axmail-2.11.1/quit.c:178:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(buf, sizeof *buf, strlen(buf), dest); data/axmail-2.11.1/quit.c:180:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "\n"); data/axmail-2.11.1/quit.c:186:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(buf, sizeof *buf, strlen(buf), dest); data/axmail-2.11.1/quit.c:197:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
count = strlen(buf); data/axmail-2.11.1/setpwnam.c:58:16: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldumask = umask(0); /* Create with exact permissions */ data/axmail-2.11.1/setpwnam.c:67:6: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/axmail-2.11.1/setpwnam.c:78:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/axmail-2.11.1/setpwnam.c:157:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dup = (char *) malloc (strlen (str) + 1); data/axmail-2.11.1/setpwnam.c:211:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(0); data/axmail-2.11.1/utils.c:59:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nam) > 30) { data/axmail-2.11.1/utils.c:90:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(p, ""); ANALYSIS SUMMARY: Hits = 194 Lines analyzed = 3249 in approximately 0.15 seconds (21270 lines/second) Physical Source Lines of Code (SLOC) = 2469 Hits@level = [0] 234 [1] 44 [2] 96 [3] 0 [4] 50 [5] 4 Hits@level+ = [0+] 428 [1+] 194 [2+] 150 [3+] 54 [4+] 54 [5+] 4 Hits/KSLOC@level+ = [0+] 173.35 [1+] 78.5743 [2+] 60.7533 [3+] 21.8712 [4+] 21.8712 [5+] 1.62009 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.