Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bacula-9.6.6/src/plugins/dir/example-plugin-dir.c
Examining data/bacula-9.6.6/src/plugins/sd/main.c
Examining data/bacula-9.6.6/src/plugins/sd/example-plugin-sd.c
Examining data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.h
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkinfo.h
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkid.c
Examining data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkinfo.c
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkid.h
Examining data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.h
Examining data/bacula-9.6.6/src/plugins/fd/example-plugin-fd.c
Examining data/bacula-9.6.6/src/plugins/fd/pluglib.h
Examining data/bacula-9.6.6/src/plugins/fd/fd_common.h
Examining data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c
Examining data/bacula-9.6.6/src/plugins/fd/pluglib.c
Examining data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c
Examining data/bacula-9.6.6/src/plugins/fd/test-deltaseq-fd.c
Examining data/bacula-9.6.6/src/filetypes.h
Examining data/bacula-9.6.6/src/fileopts.h
Examining data/bacula-9.6.6/src/console/authenticate.c
Examining data/bacula-9.6.6/src/console/conio.h
Examining data/bacula-9.6.6/src/console/bbconsjson.c
Examining data/bacula-9.6.6/src/console/func.h
Examining data/bacula-9.6.6/src/console/console_conf.h
Examining data/bacula-9.6.6/src/console/console_conf.c
Examining data/bacula-9.6.6/src/console/console.c
Examining data/bacula-9.6.6/src/console/conio.c
Examining data/bacula-9.6.6/src/cats/protos.h
Examining data/bacula-9.6.6/src/cats/sql_list.c
Examining data/bacula-9.6.6/src/cats/sql_get.c
Examining data/bacula-9.6.6/src/cats/sql_find.c
Examining data/bacula-9.6.6/src/cats/bdb_mysql.h
Examining data/bacula-9.6.6/src/cats/cats_null.c
Examining data/bacula-9.6.6/src/cats/bdb.h
Examining data/bacula-9.6.6/src/cats/bdb_postgresql.h
Examining data/bacula-9.6.6/src/cats/sql.c
Examining data/bacula-9.6.6/src/cats/cats.h
Examining data/bacula-9.6.6/src/cats/bdb_sqlite.h
Examining data/bacula-9.6.6/src/cats/sql_update.c
Examining data/bacula-9.6.6/src/cats/sql_create.c
Examining data/bacula-9.6.6/src/cats/sql_cmds.h
Examining data/bacula-9.6.6/src/cats/mysql.c
Examining data/bacula-9.6.6/src/cats/cats.c
Examining data/bacula-9.6.6/src/cats/bvfs.h
Examining data/bacula-9.6.6/src/cats/postgresql.c
Examining data/bacula-9.6.6/src/cats/sqlite.c
Examining data/bacula-9.6.6/src/cats/sql_cmds.c
Examining data/bacula-9.6.6/src/cats/sql_delete.c
Examining data/bacula-9.6.6/src/cats/bvfs.c
Examining data/bacula-9.6.6/src/stored/job.c
Examining data/bacula-9.6.6/src/stored/match_bsr.c
Examining data/bacula-9.6.6/src/stored/reserve.h
Examining data/bacula-9.6.6/src/stored/file_driver.h
Examining data/bacula-9.6.6/src/stored/vbackup.c
Examining data/bacula-9.6.6/src/stored/file_dev.h
Examining data/bacula-9.6.6/src/stored/append.c
Examining data/bacula-9.6.6/src/stored/s3_driver.c
Examining data/bacula-9.6.6/src/stored/protos.h
Examining data/bacula-9.6.6/src/stored/block.h
Examining data/bacula-9.6.6/src/stored/global.c
Examining data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c
Examining data/bacula-9.6.6/src/stored/cloud_test.c
Examining data/bacula-9.6.6/src/stored/mount.c
Examining data/bacula-9.6.6/src/stored/cloud_driver.h
Examining data/bacula-9.6.6/src/stored/lock.h
Examining data/bacula-9.6.6/src/stored/scan.c
Examining data/bacula-9.6.6/src/stored/askdir.c
Examining data/bacula-9.6.6/src/stored/sdcollect.c
Examining data/bacula-9.6.6/src/stored/stored.c
Examining data/bacula-9.6.6/src/stored/aligned_dev.c
Examining data/bacula-9.6.6/src/stored/btape.c
Examining data/bacula-9.6.6/src/stored/record_read.c
Examining data/bacula-9.6.6/src/stored/aligned_write.c
Examining data/bacula-9.6.6/src/stored/spool.c
Examining data/bacula-9.6.6/src/stored/hello.c
Examining data/bacula-9.6.6/src/stored/bls.c
Examining data/bacula-9.6.6/src/stored/aligned_read.c
Examining data/bacula-9.6.6/src/stored/stored_conf.h
Examining data/bacula-9.6.6/src/stored/wait.c
Examining data/bacula-9.6.6/src/stored/device.c
Examining data/bacula-9.6.6/src/stored/cloud_transfer_mgr.h
Examining data/bacula-9.6.6/src/stored/authenticate.c
Examining data/bacula-9.6.6/src/stored/block.c
Examining data/bacula-9.6.6/src/stored/fifo_dev.c
Examining data/bacula-9.6.6/src/stored/label.c
Examining data/bacula-9.6.6/src/stored/acquire.c
Examining data/bacula-9.6.6/src/stored/bextract.c
Examining data/bacula-9.6.6/src/stored/bscan.c
Examining data/bacula-9.6.6/src/stored/stored_conf.c
Examining data/bacula-9.6.6/src/stored/dircmd.c
Examining data/bacula-9.6.6/src/stored/dev.c
Examining data/bacula-9.6.6/src/stored/fd_cmds.c
Examining data/bacula-9.6.6/src/stored/block_util.c
Examining data/bacula-9.6.6/src/stored/bcopy.c
Examining data/bacula-9.6.6/src/stored/tape_dev.c
Examining data/bacula-9.6.6/src/stored/tape_alert.c
Examining data/bacula-9.6.6/src/stored/cloud_parts.c
Examining data/bacula-9.6.6/src/stored/butil.c
Examining data/bacula-9.6.6/src/stored/record_write.c
Examining data/bacula-9.6.6/src/stored/dev.h
Examining data/bacula-9.6.6/src/stored/ansi_label.c
Examining data/bacula-9.6.6/src/stored/cloud_parts.h
Examining data/bacula-9.6.6/src/stored/cloud_dev.h
Examining data/bacula-9.6.6/src/stored/vol_mgr.c
Examining data/bacula-9.6.6/src/stored/win_tape_dev.h
Examining data/bacula-9.6.6/src/stored/vtape_dev.h
Examining data/bacula-9.6.6/src/stored/ebcdic.c
Examining data/bacula-9.6.6/src/stored/file_dev.c
Examining data/bacula-9.6.6/src/stored/lock.c
Examining data/bacula-9.6.6/src/stored/record.h
Examining data/bacula-9.6.6/src/stored/file_driver.c
Examining data/bacula-9.6.6/src/stored/fifo_dev.h
Examining data/bacula-9.6.6/src/stored/read.c
Examining data/bacula-9.6.6/src/stored/init_dev.c
Examining data/bacula-9.6.6/src/stored/autochanger.c
Examining data/bacula-9.6.6/src/stored/stored.h
Examining data/bacula-9.6.6/src/stored/os.c
Examining data/bacula-9.6.6/src/stored/vol_mgr.h
Examining data/bacula-9.6.6/src/stored/null_dev.h
Examining data/bacula-9.6.6/src/stored/tape_alert_msgs.h
Examining data/bacula-9.6.6/src/stored/read_records.c
Examining data/bacula-9.6.6/src/stored/cloud_dev.c
Examining data/bacula-9.6.6/src/stored/tape_worm.c
Examining data/bacula-9.6.6/src/stored/win_file_dev.h
Examining data/bacula-9.6.6/src/stored/s3_driver.h
Examining data/bacula-9.6.6/src/stored/sd_plugins.h
Examining data/bacula-9.6.6/src/stored/parse_bsr.c
Examining data/bacula-9.6.6/src/stored/bsr.h
Examining data/bacula-9.6.6/src/stored/aligned_dev.h
Examining data/bacula-9.6.6/src/stored/reserve.c
Examining data/bacula-9.6.6/src/stored/record_util.c
Examining data/bacula-9.6.6/src/stored/null_dev.c
Examining data/bacula-9.6.6/src/stored/vtape_dev.c
Examining data/bacula-9.6.6/src/stored/bsdjson.c
Examining data/bacula-9.6.6/src/stored/status.c
Examining data/bacula-9.6.6/src/stored/tape_dev.h
Examining data/bacula-9.6.6/src/stored/sd_plugins.c
Examining data/bacula-9.6.6/src/lib/sellist.c
Examining data/bacula-9.6.6/src/lib/alist.c
Examining data/bacula-9.6.6/src/lib/workq.h
Examining data/bacula-9.6.6/src/lib/lz4.c
Examining data/bacula-9.6.6/src/lib/binflate.c
Examining data/bacula-9.6.6/src/lib/crypto.h
Examining data/bacula-9.6.6/src/lib/protos.h
Examining data/bacula-9.6.6/src/lib/smartall.h
Examining data/bacula-9.6.6/src/lib/bjson.c
Examining data/bacula-9.6.6/src/lib/plugins.c
Examining data/bacula-9.6.6/src/lib/lockmgr.h
Examining data/bacula-9.6.6/src/lib/bregex.c
Examining data/bacula-9.6.6/src/lib/btime.c
Examining data/bacula-9.6.6/src/lib/bnet.c
Examining data/bacula-9.6.6/src/lib/status.h
Examining data/bacula-9.6.6/src/lib/unittests.c
Examining data/bacula-9.6.6/src/lib/bwlimit.c
Examining data/bacula-9.6.6/src/lib/scan.c
Examining data/bacula-9.6.6/src/lib/serial.h
Examining data/bacula-9.6.6/src/lib/ini.h
Examining data/bacula-9.6.6/src/lib/openssl.c
Examining data/bacula-9.6.6/src/lib/var.c
Examining data/bacula-9.6.6/src/lib/util.c
Examining data/bacula-9.6.6/src/lib/devlock.c
Examining data/bacula-9.6.6/src/lib/rblist.c
Examining data/bacula-9.6.6/src/lib/guid_to_name.h
Examining data/bacula-9.6.6/src/lib/jcr.c
Examining data/bacula-9.6.6/src/lib/lex.c
Examining data/bacula-9.6.6/src/lib/base64.c
Examining data/bacula-9.6.6/src/lib/fnmatch.h
Examining data/bacula-9.6.6/src/lib/bpipe.c
Examining data/bacula-9.6.6/src/lib/flist.c
Examining data/bacula-9.6.6/src/lib/bstat.c
Examining data/bacula-9.6.6/src/lib/watchdog.h
Examining data/bacula-9.6.6/src/lib/openssl-compat.h
Examining data/bacula-9.6.6/src/lib/alist.h
Examining data/bacula-9.6.6/src/lib/sha1.h
Examining data/bacula-9.6.6/src/lib/address_conf.h
Examining data/bacula-9.6.6/src/lib/dlist.c
Examining data/bacula-9.6.6/src/lib/workq.c
Examining data/bacula-9.6.6/src/lib/breg.c
Examining data/bacula-9.6.6/src/lib/fnmatch.c
Examining data/bacula-9.6.6/src/lib/output.h
Examining data/bacula-9.6.6/src/lib/sha2.h
Examining data/bacula-9.6.6/src/lib/unittests.h
Examining data/bacula-9.6.6/src/lib/hmac.c
Examining data/bacula-9.6.6/src/lib/lz4.h
Examining data/bacula-9.6.6/src/lib/waitq.h
Examining data/bacula-9.6.6/src/lib/md5.c
Examining data/bacula-9.6.6/src/lib/btimers.c
Examining data/bacula-9.6.6/src/lib/bsys.c
Examining data/bacula-9.6.6/src/lib/bsock.c
Examining data/bacula-9.6.6/src/lib/lib.h
Examining data/bacula-9.6.6/src/lib/serial.c
Examining data/bacula-9.6.6/src/lib/worker.c
Examining data/bacula-9.6.6/src/lib/parse_conf.c
Examining data/bacula-9.6.6/src/lib/queue.c
Examining data/bacula-9.6.6/src/lib/daemon.c
Examining data/bacula-9.6.6/src/lib/runscript.h
Examining data/bacula-9.6.6/src/lib/guid_to_name.c
Examining data/bacula-9.6.6/src/lib/openssl.h
Examining data/bacula-9.6.6/src/lib/sellist.h
Examining data/bacula-9.6.6/src/lib/lockmgr.c
Examining data/bacula-9.6.6/src/lib/bsnprintf.c
Examining data/bacula-9.6.6/src/lib/message.c
Examining data/bacula-9.6.6/src/lib/collect.h
Examining data/bacula-9.6.6/src/lib/bregex.h
Examining data/bacula-9.6.6/src/lib/htable.c
Examining data/bacula-9.6.6/src/lib/message.h
Examining data/bacula-9.6.6/src/lib/bcollector.c
Examining data/bacula-9.6.6/src/lib/edit.c
Examining data/bacula-9.6.6/src/lib/tls.c
Examining data/bacula-9.6.6/src/lib/rwlock.h
Examining data/bacula-9.6.6/src/lib/tree.h
Examining data/bacula-9.6.6/src/lib/priv.c
Examining data/bacula-9.6.6/src/lib/sha2.c
Examining data/bacula-9.6.6/src/lib/res.c
Examining data/bacula-9.6.6/src/lib/output.c
Examining data/bacula-9.6.6/src/lib/queue.h
Examining data/bacula-9.6.6/src/lib/watchdog.c
Examining data/bacula-9.6.6/src/lib/md5.h
Examining data/bacula-9.6.6/src/lib/mutex_list.h
Examining data/bacula-9.6.6/src/lib/ini.c
Examining data/bacula-9.6.6/src/lib/bpipe.h
Examining data/bacula-9.6.6/src/lib/btime.h
Examining data/bacula-9.6.6/src/lib/rblist.h
Examining data/bacula-9.6.6/src/lib/worker.h
Examining data/bacula-9.6.6/src/lib/bget_msg.c
Examining data/bacula-9.6.6/src/lib/bwlimit.h
Examining data/bacula-9.6.6/src/lib/htable.h
Examining data/bacula-9.6.6/src/lib/devlock.h
Examining data/bacula-9.6.6/src/lib/base64.h
Examining data/bacula-9.6.6/src/lib/tree.c
Examining data/bacula-9.6.6/src/lib/sha1.c
Examining data/bacula-9.6.6/src/lib/plugins.h
Examining data/bacula-9.6.6/src/lib/bsock.h
Examining data/bacula-9.6.6/src/lib/mem_pool.h
Examining data/bacula-9.6.6/src/lib/attr.h
Examining data/bacula-9.6.6/src/lib/bits.h
Examining data/bacula-9.6.6/src/lib/berrno.h
Examining data/bacula-9.6.6/src/lib/lex.h
Examining data/bacula-9.6.6/src/lib/collect.c
Examining data/bacula-9.6.6/src/lib/btimers.h
Examining data/bacula-9.6.6/src/lib/address_conf.c
Examining data/bacula-9.6.6/src/lib/cmd_parser.h
Examining data/bacula-9.6.6/src/lib/crypto.c
Examining data/bacula-9.6.6/src/lib/attr.c
Examining data/bacula-9.6.6/src/lib/bstat.h
Examining data/bacula-9.6.6/src/lib/parse_conf.h
Examining data/bacula-9.6.6/src/lib/bsockcore.h
Examining data/bacula-9.6.6/src/lib/signal.c
Examining data/bacula-9.6.6/src/lib/berrno.c
Examining data/bacula-9.6.6/src/lib/lz4_encoder.h
Examining data/bacula-9.6.6/src/lib/bcollector.h
Examining data/bacula-9.6.6/src/lib/bjson.h
Examining data/bacula-9.6.6/src/lib/rwlock.c
Examining data/bacula-9.6.6/src/lib/crc32.c
Examining data/bacula-9.6.6/src/lib/tcpd.h
Examining data/bacula-9.6.6/src/lib/bget_msg.h
Examining data/bacula-9.6.6/src/lib/bsockcore.c
Examining data/bacula-9.6.6/src/lib/var.h
Examining data/bacula-9.6.6/src/lib/mem_pool.c
Examining data/bacula-9.6.6/src/lib/bnet_server.c
Examining data/bacula-9.6.6/src/lib/runscript.c
Examining data/bacula-9.6.6/src/lib/flist.h
Examining data/bacula-9.6.6/src/lib/breg.h
Examining data/bacula-9.6.6/src/lib/cram-md5.c
Examining data/bacula-9.6.6/src/lib/smartall.c
Examining data/bacula-9.6.6/src/lib/dlist.h
Examining data/bacula-9.6.6/src/lib/tls.h
Examining data/bacula-9.6.6/src/lib/bmtio.h
Examining data/bacula-9.6.6/src/version.h
Examining data/bacula-9.6.6/src/streams.h
Examining data/bacula-9.6.6/src/dird/ua_acl.c
Examining data/bacula-9.6.6/src/dird/job.c
Examining data/bacula-9.6.6/src/dird/vbackup.c
Examining data/bacula-9.6.6/src/dird/ua_output.c
Examining data/bacula-9.6.6/src/dird/protos.h
Examining data/bacula-9.6.6/src/dird/dir_plugins.h
Examining data/bacula-9.6.6/src/dird/jobq.c
Examining data/bacula-9.6.6/src/dird/ua_select.c
Examining data/bacula-9.6.6/src/dird/run_conf.c
Examining data/bacula-9.6.6/src/dird/restore.c
Examining data/bacula-9.6.6/src/dird/admin.c
Examining data/bacula-9.6.6/src/dird/ua_status.c
Examining data/bacula-9.6.6/src/dird/next_vol.c
Examining data/bacula-9.6.6/src/dird/bdirjson.c
Examining data/bacula-9.6.6/src/dird/authenticate.c
Examining data/bacula-9.6.6/src/dird/verify.c
Examining data/bacula-9.6.6/src/dird/ua_dotcmds.c
Examining data/bacula-9.6.6/src/dird/expand.c
Examining data/bacula-9.6.6/src/dird/mac_sql.c
Examining data/bacula-9.6.6/src/dird/mac.c
Examining data/bacula-9.6.6/src/dird/ua_collect.c
Examining data/bacula-9.6.6/src/dird/autoprune.c
Examining data/bacula-9.6.6/src/dird/ua_restore.c
Examining data/bacula-9.6.6/src/dird/dird.h
Examining data/bacula-9.6.6/src/dird/bsr.c
Examining data/bacula-9.6.6/src/dird/fd_cmds.c
Examining data/bacula-9.6.6/src/dird/ua.h
Examining data/bacula-9.6.6/src/dird/scheduler.c
Examining data/bacula-9.6.6/src/dird/ua_run.c
Examining data/bacula-9.6.6/src/dird/mountreq.c
Examining data/bacula-9.6.6/src/dird/ua_label.c
Examining data/bacula-9.6.6/src/dird/ua_cmds.c
Examining data/bacula-9.6.6/src/dird/backup.c
Examining data/bacula-9.6.6/src/dird/ua_tree.c
Examining data/bacula-9.6.6/src/dird/inc_conf.c
Examining data/bacula-9.6.6/src/dird/recycle.c
Examining data/bacula-9.6.6/src/dird/ua_server.c
Examining data/bacula-9.6.6/src/dird/newvol.c
Examining data/bacula-9.6.6/src/dird/msgchan.c
Examining data/bacula-9.6.6/src/dird/getmsg.c
Examining data/bacula-9.6.6/src/dird/ua_input.c
Examining data/bacula-9.6.6/src/dird/dird_conf.c
Examining data/bacula-9.6.6/src/dird/ua_query.c
Examining data/bacula-9.6.6/src/dird/dird.c
Examining data/bacula-9.6.6/src/dird/ua_purge.c
Examining data/bacula-9.6.6/src/dird/ua_prune.c
Examining data/bacula-9.6.6/src/dird/ua_update.c
Examining data/bacula-9.6.6/src/dird/dird_conf.h
Examining data/bacula-9.6.6/src/dird/dir_plugins.c
Examining data/bacula-9.6.6/src/dird/bsr.h
Examining data/bacula-9.6.6/src/dird/jobq.h
Examining data/bacula-9.6.6/src/dird/catreq.c
Examining data/bacula-9.6.6/src/dird/snapshot.c
Examining data/bacula-9.6.6/src/bacula.h
Examining data/bacula-9.6.6/src/findlib/match.c
Examining data/bacula-9.6.6/src/findlib/savecwd.h
Examining data/bacula-9.6.6/src/findlib/bfile.h
Examining data/bacula-9.6.6/src/findlib/protos.h
Examining data/bacula-9.6.6/src/findlib/bfile.c
Examining data/bacula-9.6.6/src/findlib/win32filter.c
Examining data/bacula-9.6.6/src/findlib/drivetype.c
Examining data/bacula-9.6.6/src/findlib/savecwd.c
Examining data/bacula-9.6.6/src/findlib/find.h
Examining data/bacula-9.6.6/src/findlib/attribs.c
Examining data/bacula-9.6.6/src/findlib/namedpipe.h
Examining data/bacula-9.6.6/src/findlib/enable_priv.c
Examining data/bacula-9.6.6/src/findlib/namedpipe.c
Examining data/bacula-9.6.6/src/findlib/find.c
Examining data/bacula-9.6.6/src/findlib/win32filter.h
Examining data/bacula-9.6.6/src/findlib/mkpath.c
Examining data/bacula-9.6.6/src/findlib/create_file.c
Examining data/bacula-9.6.6/src/findlib/find_one.c
Examining data/bacula-9.6.6/src/findlib/fstype.c
Examining data/bacula-9.6.6/src/bc_types.h
Examining data/bacula-9.6.6/src/filed/bfdjson.c
Examining data/bacula-9.6.6/src/filed/job.c
Examining data/bacula-9.6.6/src/filed/bacl_linux.c
Examining data/bacula-9.6.6/src/filed/bacl_osx.c
Examining data/bacula-9.6.6/src/filed/heartbeat.c
Examining data/bacula-9.6.6/src/filed/bacl_freebsd.h
Examining data/bacula-9.6.6/src/filed/protos.h
Examining data/bacula-9.6.6/src/filed/win_efs.c
Examining data/bacula-9.6.6/src/filed/filed_conf.c
Examining data/bacula-9.6.6/src/filed/filed.h
Examining data/bacula-9.6.6/src/filed/accurate.c
Examining data/bacula-9.6.6/src/filed/fd_plugins.c
Examining data/bacula-9.6.6/src/filed/fd_plugins.h
Examining data/bacula-9.6.6/src/filed/bxattr_solaris.c
Examining data/bacula-9.6.6/src/filed/restore.c
Examining data/bacula-9.6.6/src/filed/bxattr_osx.c
Examining data/bacula-9.6.6/src/filed/hello.c
Examining data/bacula-9.6.6/src/filed/fdcollect.c
Examining data/bacula-9.6.6/src/filed/backup.h
Examining data/bacula-9.6.6/src/filed/estimate.c
Examining data/bacula-9.6.6/src/filed/verify_vol.c
Examining data/bacula-9.6.6/src/filed/authenticate.c
Examining data/bacula-9.6.6/src/filed/verify.c
Examining data/bacula-9.6.6/src/filed/bxattr_freebsd.h
Examining data/bacula-9.6.6/src/filed/bacl_solaris.c
Examining data/bacula-9.6.6/src/filed/bacl.c
Examining data/bacula-9.6.6/src/filed/fd_snapshot.c
Examining data/bacula-9.6.6/src/filed/backup.c
Examining data/bacula-9.6.6/src/filed/bxattr_solaris.h
Examining data/bacula-9.6.6/src/filed/bxattr_osx.h
Examining data/bacula-9.6.6/src/filed/bacl_linux.h
Examining data/bacula-9.6.6/src/filed/bacl.h
Examining data/bacula-9.6.6/src/filed/suspend.h
Examining data/bacula-9.6.6/src/filed/bxattr.h
Examining data/bacula-9.6.6/src/filed/fd_snapshot.h
Examining data/bacula-9.6.6/src/filed/bacl_freebsd.c
Examining data/bacula-9.6.6/src/filed/suspend.c
Examining data/bacula-9.6.6/src/filed/crypto.c
Examining data/bacula-9.6.6/src/filed/bxattr_freebsd.c
Examining data/bacula-9.6.6/src/filed/bxattr_linux.h
Examining data/bacula-9.6.6/src/filed/bacl_solaris.h
Examining data/bacula-9.6.6/src/filed/filed.c
Examining data/bacula-9.6.6/src/filed/status.c
Examining data/bacula-9.6.6/src/filed/restore.h
Examining data/bacula-9.6.6/src/filed/filed_conf.h
Examining data/bacula-9.6.6/src/filed/bacl_osx.h
Examining data/bacula-9.6.6/src/filed/bxattr.c
Examining data/bacula-9.6.6/src/filed/bxattr_linux.c
Examining data/bacula-9.6.6/src/baconfig.h
Examining data/bacula-9.6.6/src/jcr.h
Examining data/bacula-9.6.6/src/win32/stored/trayMonitor.cpp
Examining data/bacula-9.6.6/src/win32/stored/win_tape_device.cpp
Examining data/bacula-9.6.6/src/win32/stored/service.cpp
Examining data/bacula-9.6.6/src/win32/stored/mtops.cpp
Examining data/bacula-9.6.6/src/win32/stored/postest/postest.cpp
Examining data/bacula-9.6.6/src/win32/stored/main.cpp
Examining data/bacula-9.6.6/src/win32/stored/who.h
Examining data/bacula-9.6.6/src/win32/scripts/bsleep.c
Examining data/bacula-9.6.6/src/win32/wx-console/w32api.h
Examining data/bacula-9.6.6/src/win32/dird/service.cpp
Examining data/bacula-9.6.6/src/win32/dird/main.cpp
Examining data/bacula-9.6.6/src/win32/dird/who.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/api.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/dbi_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/comadmin.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/file_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_file_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/root_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/api.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/store_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_api.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_node.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_api.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/node.h
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/service_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_dbi_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_root_node.c
Examining data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c
Examining data/bacula-9.6.6/src/win32/filed/trayMonitor.cpp
Examining data/bacula-9.6.6/src/win32/filed/vss_Vista.cpp
Examining data/bacula-9.6.6/src/win32/filed/vss_XP.cpp
Examining data/bacula-9.6.6/src/win32/filed/service.cpp
Examining data/bacula-9.6.6/src/win32/filed/vss.h
Examining data/bacula-9.6.6/src/win32/filed/main.cpp
Examining data/bacula-9.6.6/src/win32/filed/who.h
Examining data/bacula-9.6.6/src/win32/filed/vss.cpp
Examining data/bacula-9.6.6/src/win32/filed/vss_generic.cpp
Examining data/bacula-9.6.6/src/win32/filed/vss_W2K3.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/statusDialog.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/res.h
Examining data/bacula-9.6.6/src/win32/libwin32/protos.h
Examining data/bacula-9.6.6/src/win32/libwin32/trayMonitor.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/service.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/aboutDialog.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/main.cpp
Examining data/bacula-9.6.6/src/win32/libwin32/aboutDialog.h
Examining data/bacula-9.6.6/src/win32/libwin32/win32.h
Examining data/bacula-9.6.6/src/win32/libwin32/statusDialog.h
Examining data/bacula-9.6.6/src/win32/libwin32/trayMonitor.h
Examining data/bacula-9.6.6/src/win32/compat/print.cpp
Examining data/bacula-9.6.6/src/win32/compat/winsock.h
Examining data/bacula-9.6.6/src/win32/compat/dirent.h
Examining data/bacula-9.6.6/src/win32/compat/strings.h
Examining data/bacula-9.6.6/src/win32/compat/getopt.c
Examining data/bacula-9.6.6/src/win32/compat/dlfcn.h
Examining data/bacula-9.6.6/src/win32/compat/compat.cpp
Examining data/bacula-9.6.6/src/win32/compat/pwd.h
Examining data/bacula-9.6.6/src/win32/compat/winapi.c
Examining data/bacula-9.6.6/src/win32/compat/getopt.h
Examining data/bacula-9.6.6/src/win32/compat/ms_atl.h
Examining data/bacula-9.6.6/src/win32/compat/winhost.h
Examining data/bacula-9.6.6/src/win32/compat/sys/time.h
Examining data/bacula-9.6.6/src/win32/compat/sys/wait.h
Examining data/bacula-9.6.6/src/win32/compat/sys/mtio.h
Examining data/bacula-9.6.6/src/win32/compat/sys/file.h
Examining data/bacula-9.6.6/src/win32/compat/sys/stat.h
Examining data/bacula-9.6.6/src/win32/compat/sys/ioctl.h
Examining data/bacula-9.6.6/src/win32/compat/sys/socket.h
Examining data/bacula-9.6.6/src/win32/compat/netdb.h
Examining data/bacula-9.6.6/src/win32/compat/unistd.h
Examining data/bacula-9.6.6/src/win32/compat/mingwconfig.h
Examining data/bacula-9.6.6/src/win32/compat/alloca.h
Examining data/bacula-9.6.6/src/win32/compat/netinet/in.h
Examining data/bacula-9.6.6/src/win32/compat/netinet/tcp.h
Examining data/bacula-9.6.6/src/win32/compat/compat.h
Examining data/bacula-9.6.6/src/win32/compat/grp.h
Examining data/bacula-9.6.6/src/win32/compat/stdint.h
Examining data/bacula-9.6.6/src/win32/compat/mswinver.h
Examining data/bacula-9.6.6/src/win32/compat/winhdrs.h
Examining data/bacula-9.6.6/src/win32/compat/syslog.h
Examining data/bacula-9.6.6/src/win32/compat/winapi.h
Examining data/bacula-9.6.6/src/win32/compat/arpa/inet.h
Examining data/bacula-9.6.6/src/win32/winapi.h
Examining data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp
Examining data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.h
Examining data/bacula-9.6.6/src/win32/tools/scsilist.cpp
Examining data/bacula-9.6.6/src/qt-console/relabel/relabel.cpp
Examining data/bacula-9.6.6/src/qt-console/relabel/relabel.h
Examining data/bacula-9.6.6/src/qt-console/fileset/fileset.cpp
Examining data/bacula-9.6.6/src/qt-console/fileset/fileset.h
Examining data/bacula-9.6.6/src/qt-console/testprogs/examp/mainwindow.cpp
Examining data/bacula-9.6.6/src/qt-console/testprogs/examp/mainwindow.h
Examining data/bacula-9.6.6/src/qt-console/testprogs/examp/main.cpp
Examining data/bacula-9.6.6/src/qt-console/testprogs/putz/main.cpp
Examining data/bacula-9.6.6/src/qt-console/testprogs/putz/putz.cpp
Examining data/bacula-9.6.6/src/qt-console/testprogs/putz/putz.h
Examining data/bacula-9.6.6/src/qt-console/job/job.cpp
Examining data/bacula-9.6.6/src/qt-console/job/job.h
Examining data/bacula-9.6.6/src/qt-console/pages.cpp
Examining data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp
Examining data/bacula-9.6.6/src/qt-console/bcomm/dircomm_auth.cpp
Examining data/bacula-9.6.6/src/qt-console/bcomm/dircomm.h
Examining data/bacula-9.6.6/src/qt-console/label/label.cpp
Examining data/bacula-9.6.6/src/qt-console/label/label.h
Examining data/bacula-9.6.6/src/qt-console/mount/mount.h
Examining data/bacula-9.6.6/src/qt-console/mount/mount.cpp
Examining data/bacula-9.6.6/src/qt-console/console/console.h
Examining data/bacula-9.6.6/src/qt-console/console/console.cpp
Examining data/bacula-9.6.6/src/qt-console/run/run.cpp
Examining data/bacula-9.6.6/src/qt-console/run/runcmd.cpp
Examining data/bacula-9.6.6/src/qt-console/run/run.h
Examining data/bacula-9.6.6/src/qt-console/run/prune.cpp
Examining data/bacula-9.6.6/src/qt-console/run/estimate.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/conf.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/status.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/task.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/status.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/fdstatus.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/jobsmodel.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/task.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/restoreoptionswizardpage.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/tray-ui.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/restoreoptionswizardpage.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/fileselectwizardpage.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/restorewizard.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/sdstatus.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/pluginwizardpage.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/pluginwizardpage.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/dirstatus.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/restorewizard.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/dirstatus.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/jobselectwizardpage.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/conf.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/pluginmodel.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/jobsmodel.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/fileselectwizardpage.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/filesmodel.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/authenticate.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/win32/qplatformdefs.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/jobselectwizardpage.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/fdstatus.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/clientselectwizardpage.cpp
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/sdstatus.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/clientselectwizardpage.h
Examining data/bacula-9.6.6/src/qt-console/tray-monitor/common.h
Examining data/bacula-9.6.6/src/qt-console/storage/content.h
Examining data/bacula-9.6.6/src/qt-console/storage/storage.cpp
Examining data/bacula-9.6.6/src/qt-console/storage/content.cpp
Examining data/bacula-9.6.6/src/qt-console/storage/storage.h
Examining data/bacula-9.6.6/src/qt-console/qstd.h
Examining data/bacula-9.6.6/src/qt-console/jobgraphs/jobplot.cpp
Examining data/bacula-9.6.6/src/qt-console/jobgraphs/jobplot.h
Examining data/bacula-9.6.6/src/qt-console/mainwin.cpp
Examining data/bacula-9.6.6/src/qt-console/mediainfo/mediainfo.h
Examining data/bacula-9.6.6/src/qt-console/mediainfo/mediainfo.cpp
Examining data/bacula-9.6.6/src/qt-console/clients/clients.h
Examining data/bacula-9.6.6/src/qt-console/clients/clients.cpp
Examining data/bacula-9.6.6/src/qt-console/joblist/joblist.h
Examining data/bacula-9.6.6/src/qt-console/joblist/joblist.cpp
Examining data/bacula-9.6.6/src/qt-console/joblog/joblog.h
Examining data/bacula-9.6.6/src/qt-console/joblog/joblog.cpp
Examining data/bacula-9.6.6/src/qt-console/qstd.cpp
Examining data/bacula-9.6.6/src/qt-console/medialist/medialist.h
Examining data/bacula-9.6.6/src/qt-console/medialist/medialist.cpp
Examining data/bacula-9.6.6/src/qt-console/medialist/mediaview.cpp
Examining data/bacula-9.6.6/src/qt-console/medialist/mediaview.h
Examining data/bacula-9.6.6/src/qt-console/main.cpp
Examining data/bacula-9.6.6/src/qt-console/mediaedit/mediaedit.cpp
Examining data/bacula-9.6.6/src/qt-console/mediaedit/mediaedit.h
Examining data/bacula-9.6.6/src/qt-console/help/help.cpp
Examining data/bacula-9.6.6/src/qt-console/help/help.h
Examining data/bacula-9.6.6/src/qt-console/bat.h
Examining data/bacula-9.6.6/src/qt-console/jobs/jobs.h
Examining data/bacula-9.6.6/src/qt-console/jobs/jobs.cpp
Examining data/bacula-9.6.6/src/qt-console/util/comboutil.cpp
Examining data/bacula-9.6.6/src/qt-console/util/comboutil.h
Examining data/bacula-9.6.6/src/qt-console/util/fmtwidgetitem.h
Examining data/bacula-9.6.6/src/qt-console/util/fmtwidgetitem.cpp
Examining data/bacula-9.6.6/src/qt-console/select/select.h
Examining data/bacula-9.6.6/src/qt-console/select/textinput.h
Examining data/bacula-9.6.6/src/qt-console/select/select.cpp
Examining data/bacula-9.6.6/src/qt-console/select/textinput.cpp
Examining data/bacula-9.6.6/src/qt-console/bat_conf.h
Examining data/bacula-9.6.6/src/qt-console/win32/qplatformdefs.h
Examining data/bacula-9.6.6/src/qt-console/bat_conf.cpp
Examining data/bacula-9.6.6/src/qt-console/pages.h
Examining data/bacula-9.6.6/src/qt-console/status/clientstat.h
Examining data/bacula-9.6.6/src/qt-console/status/storstat.cpp
Examining data/bacula-9.6.6/src/qt-console/status/dirstat.cpp
Examining data/bacula-9.6.6/src/qt-console/status/storstat.h
Examining data/bacula-9.6.6/src/qt-console/status/clientstat.cpp
Examining data/bacula-9.6.6/src/qt-console/status/dirstat.h
Examining data/bacula-9.6.6/src/qt-console/restore/restoretree.h
Examining data/bacula-9.6.6/src/qt-console/restore/prerestore.cpp
Examining data/bacula-9.6.6/src/qt-console/restore/restoretree.cpp
Examining data/bacula-9.6.6/src/qt-console/restore/brestore.cpp
Examining data/bacula-9.6.6/src/qt-console/restore/restore.h
Examining data/bacula-9.6.6/src/qt-console/restore/restore.cpp
Examining data/bacula-9.6.6/src/qt-console/mainwin.h
Examining data/bacula-9.6.6/src/ch.h
Examining data/bacula-9.6.6/src/tools/bpluginfo.c
Examining data/bacula-9.6.6/src/tools/bregex.c
Examining data/bacula-9.6.6/src/tools/bbatch.c
Examining data/bacula-9.6.6/src/tools/bsnapshot.c
Examining data/bacula-9.6.6/src/tools/drivetype.c
Examining data/bacula-9.6.6/src/tools/bsmtp.c
Examining data/bacula-9.6.6/src/tools/dbcheck.c
Examining data/bacula-9.6.6/src/tools/bregtest.c
Examining data/bacula-9.6.6/src/tools/bvfs_test.c
Examining data/bacula-9.6.6/src/tools/timelimit.c
Examining data/bacula-9.6.6/src/tools/testls.c
Examining data/bacula-9.6.6/src/tools/bwild.c
Examining data/bacula-9.6.6/src/tools/gigaslam.c
Examining data/bacula-9.6.6/src/tools/testfind.c
Examining data/bacula-9.6.6/src/tools/fstype.c
Examining data/bacula-9.6.6/src/tools/cats_test.c
Examining data/bacula-9.6.6/src/tools/grow.c
Examining data/bacula-9.6.6/platforms/freebsd/tapetest.c
Examining data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c
Examining data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c
Examining data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.h
Examining data/bacula-9.6.6/autoconf/confdefs.h
Examining data/bacula-9.6.6/autoconf/acconfig.h
FINAL RESULTS:
data/bacula-9.6.6/src/findlib/attribs.c:52:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define lchown chown
data/bacula-9.6.6/src/findlib/attribs.c:55:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define lchmod chmod
data/bacula-9.6.6/src/findlib/find_one.c:558:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink(fname, buffer, path_max + name_max + 101);
data/bacula-9.6.6/src/findlib/mkpath.c:41:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define lchown chown
data/bacula-9.6.6/src/findlib/mkpath.c:44:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define lchmod chmod
data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.cpp:263:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(ed1, "B", sizeof(ed1));
data/bacula-9.6.6/src/stored/file_dev.c:295:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(archive_name.c_str(), st.st_uid, st.st_gid);
data/bacula-9.6.6/src/win32/compat/compat.cpp:595:5: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int chown(const char *k, uid_t, gid_t)
data/bacula-9.6.6/src/win32/compat/compat.cpp:870:1: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
readlink(const char *path, char *buf, int bufsiz)
data/bacula-9.6.6/src/win32/compat/compat.h:279:5: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int chown(const char *, uid_t uid, gid_t gid);
data/bacula-9.6.6/src/win32/compat/compat.h:281:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
int chmod(const char *, mode_t mode);
data/bacula-9.6.6/src/win32/compat/compat.h:328:5: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int readlink(const char *, char *, int);
data/bacula-9.6.6/src/win32/compat/compat.h:361:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod win32_chmod
data/bacula-9.6.6/src/win32/compat/compat.h:388:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod win32_chmod
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:116:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (host, optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:120:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (daemon, optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:124:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (monitorname, optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:132:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pw, optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:304:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (answer, "BACULA CRITICAL - Cannot connect to %s!", dname);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:309:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (answer, "BACULA CRITICAL - Cannot authenticate to %s: %s", dname, item->D_sock->msg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:326:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(item->D_sock->msg, OKqstatus, &num) != 1) {
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:328:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (answer, "BACULA CRITICAL - %s Status: %s", dname, item->D_sock->msg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:331:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (answer, "BACULA OK - %s Status OK", dname);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:348:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(answer, "BACULA WARNING - Unexpected signal received : %s ", bnet_sig_to_ascii(item->D_sock->msglen));
data/bacula-9.6.6/platforms/freebsd/tapetest.c:584:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, prompt);
data/bacula-9.6.6/src/baconfig.h:571:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf bsscanf
data/bacula-9.6.6/src/baconfig.h:577:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define bstrdup(str) strcpy((char *)b_malloc(__FILE__,__LINE__,strlen((str))+1),(str))
data/bacula-9.6.6/src/baconfig.h:579:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define bstrdup(str) strcpy((char *)bmalloc(strlen((str))+1),(str))
data/bacula-9.6.6/src/cats/bvfs.c:1403:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat("%");
data/bacula-9.6.6/src/cats/bvfs.c:1410:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bacula-9.6.6/src/cats/bvfs.c:1418:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bacula-9.6.6/src/cats/bvfs.c:1421:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bacula-9.6.6/src/cats/bvfs.c:1432:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bacula-9.6.6/src/cats/bvfs.c:1445:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bacula-9.6.6/src/cats/bvfs.c:1448:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(") UNION ");
data/bacula-9.6.6/src/cats/bvfs.c:1449:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bacula-9.6.6/src/cats/bvfs.c:1459:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(tmp2.c_str());
data/bacula-9.6.6/src/cats/bvfs.c:1464:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(") ");
data/bacula-9.6.6/src/cats/bvfs.c:1465:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bacula-9.6.6/src/cats/sql.c:262:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acls[type], where?" WHERE ":" AND ");
data/bacula-9.6.6/src/cats/sqlite.c:193:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(db_file, working_directory);
data/bacula-9.6.6/src/cats/sqlite.c:195:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(db_file, m_db_name);
data/bacula-9.6.6/src/console/authenticate.c:162:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(dir->msg, newOKhello, &dir_version);
data/bacula-9.6.6/src/console/authenticate.c:165:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(dir->msg, FDOKhello, &fd_version) == 1) {
data/bacula-9.6.6/src/console/bbconsjson.c:82:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/console/console.c:120:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/console/console.c:397:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass(prompt);
data/bacula-9.6.6/src/console/console.c:608:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, name);
data/bacula-9.6.6/src/dird/authenticate.c:165:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, SDOKnewHello, &jcr->SDVersion) != 1 &&
data/bacula-9.6.6/src/dird/authenticate.c:295:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(fd->msg, FDOKnewHello, &jcr->FDVersion) != 1) {
data/bacula-9.6.6/src/dird/backup.c:687:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
(sscanf(fd->msg, newEndJob, &jcr->FDJobStatus, &JobFiles,
data/bacula-9.6.6/src/dird/backup.c:690:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(fd->msg, EndJob, &jcr->FDJobStatus, &JobFiles,
data/bacula-9.6.6/src/dird/backup.c:692:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(fd->msg, OldEndJob, &jcr->FDJobStatus, &JobFiles,
data/bacula-9.6.6/src/dird/bdirjson.c:69:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/dird/catreq.c:152:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, Find_media, &JobId, &index, &pool_name, &mr.MediaType, &mr.VolType);
data/bacula-9.6.6/src/dird/catreq.c:187:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, Get_Vol_Info, &JobId, &mr.VolumeName, &writing);
data/bacula-9.6.6/src/dird/catreq.c:248:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, Update_media, &JobId, &sdmr.VolumeName,
data/bacula-9.6.6/src/dird/catreq.c:372:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Create_jobmedia, &JobId) == 1) {
data/bacula-9.6.6/src/dird/dird.c:121:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/dird/getmsg.c:305:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Job_status, &JobId, &JobStatus) == 2) {
data/bacula-9.6.6/src/dird/getmsg.c:323:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Device_update,
data/bacula-9.6.6/src/dird/msgchan.c:236:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OKjob, &jcr->VolSessionId,
data/bacula-9.6.6/src/dird/msgchan.c:306:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(sd->msg, OK_device, device_name.c_str()) == 1;
data/bacula-9.6.6/src/dird/msgchan.c:345:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(sd->msg, OK_device, device_name.c_str()) == 1;
data/bacula-9.6.6/src/dird/msgchan.c:441:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, Job_start, Job) == 1) {
data/bacula-9.6.6/src/dird/msgchan.c:444:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, Job_end, Job, &JobStatus, &JobFiles,
data/bacula-9.6.6/src/dird/snapshot.c:376:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, CreateSnap, Job, snapdbr.Name, vol, dev,
data/bacula-9.6.6/src/dird/snapshot.c:409:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, ListSnap, Job, snapdbr.Name, vol, dev, &snapdbr.CreateTDate, snapdbr.Type,
data/bacula-9.6.6/src/dird/snapshot.c:430:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(bs->msg, DelSnap, Job, snapdbr.Name, dev);
data/bacula-9.6.6/src/dird/ua_label.c:776:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, NT_("3001 Volume=%s Slot=%d"), VolName, &rtn_slot) == 2) {
data/bacula-9.6.6/src/dird/ua_label.c:971:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, NT_("drives=%d\n"), &drives) == 1) {
data/bacula-9.6.6/src/dird/ua_output.c:1001:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ua->UA_sock->msg, msg);
data/bacula-9.6.6/src/dird/ua_select.c:970:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pmsg, "%s (1-%d): ", msg, ua->num_prompts-1);
data/bacula-9.6.6/src/dird/ua_select.c:1051:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pmsg, "%s (1-%d): ", msg, ua->num_prompts-1);
data/bacula-9.6.6/src/dird/ua_tree.c:644:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(p, "%s,%s,",
data/bacula-9.6.6/src/dird/ua_tree.c:648:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(p, "%s,", edit_int64(statp->st_size, ec1));
data/bacula-9.6.6/src/filed/accurate.c:251:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->fname, fname);
data/bacula-9.6.6/src/filed/accurate.c:254:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->lstat, lstat);
data/bacula-9.6.6/src/filed/accurate.c:257:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->chksum, chksum);
data/bacula-9.6.6/src/filed/backup.c:1275:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff->fname, ff->snap_fname);
data/bacula-9.6.6/src/filed/backup.c:1294:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff->link, ff->snap_fname);
data/bacula-9.6.6/src/filed/backup.c:1417:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff_pkt->fname, ff_pkt->fname_save);
data/bacula-9.6.6/src/filed/backup.c:1421:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff_pkt->link, ff_pkt->link_save);
data/bacula-9.6.6/src/filed/bfdjson.c:70:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/filed/fd_snapshot.c:1324:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(elt->cmd, start);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1704:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, QueryCmd, snap.Name, snap.Volume, snap.Device, &snap.CreateTDate, snap.Type);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1714:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, LsCmd, snap.Name, snap.Volume, snap.Device, &snap.CreateTDate, snap.Type, snap.path);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1723:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, DelCmd, snap.Name, snap.Volume, snap.Device, &snap.CreateTDate, snap.Type);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1733:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, PruneCmd, snap.Volume, snap.Type);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1743:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, SyncCmd, snap.Volume, snap.Type);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1771:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, ConfCmd, ed1);
data/bacula-9.6.6/src/filed/fdcollect.c:184:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, collect_all_cmd, fmt) != 1) {
data/bacula-9.6.6/src/filed/fdcollect.c:185:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, collect_metrics_cmd, fmt, cmd) != 2) {
data/bacula-9.6.6/src/filed/filed.c:58:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/filed/filed.h:69:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access; /* specify if monitors/restricted have access to this function */
data/bacula-9.6.6/src/filed/hello.c:344:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(UA_sock->msg, DirOKhello, &dir_version);
data/bacula-9.6.6/src/filed/job.c:223:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((cmd->access & ACCESS_MONITOR) && dir->monitor) {
data/bacula-9.6.6/src/filed/job.c:226:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((cmd->access & ACCESS_REMOTE) && dir->remote) {
data/bacula-9.6.6/src/filed/job.c:783:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, setbandwidth, &bw, Job) != 2 || bw < 0) {
data/bacula-9.6.6/src/filed/job.c:889:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, estimatecmd, &jcr->listing) != 1) {
data/bacula-9.6.6/src/filed/job.c:911:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, jobcmd, &jcr->JobId, jcr->Job,
data/bacula-9.6.6/src/filed/job.c:955:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runbefore, cmd) != 1) {
data/bacula-9.6.6/src/filed/job.c:1005:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runafter, msg) != 1) {
data/bacula-9.6.6/src/filed/job.c:1038:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runscript, &on_success,
data/bacula-9.6.6/src/filed/job.c:1089:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restoreobjcmd, &rop.JobId, &rop.object_len,
data/bacula-9.6.6/src/filed/job.c:1095:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restoreobjcmd1, &rop.JobId, &rop.object_len,
data/bacula-9.6.6/src/filed/job.c:1925:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = %s ", level) != 1) {
data/bacula-9.6.6/src/filed/job.c:1953:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = since_utime %s mtime_only=%d prev_job=%127s",
data/bacula-9.6.6/src/filed/job.c:1955:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = since_utime %s mtime_only=%d",
data/bacula-9.6.6/src/filed/job.c:2045:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, sessioncmd, jcr->VolumeName,
data/bacula-9.6.6/src/filed/job.c:2102:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, storaddr, &jcr->stored_addr, &stored_port,
data/bacula-9.6.6/src/filed/job.c:2106:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(dir->msg, storaddr_v1, &jcr->stored_addr,
data/bacula-9.6.6/src/filed/job.c:2440:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_open, &jcr->Ticket) != 1) {
data/bacula-9.6.6/src/filed/job.c:2551:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_close, &SDJobStatus) == 1) {
data/bacula-9.6.6/src/filed/job.c:2591:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, verifycmd, level) != 1) {
data/bacula-9.6.6/src/filed/job.c:2703:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restore_where, &files, &replace, &prefix_links, args) != 4) {
data/bacula-9.6.6/src/filed/job.c:2704:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restore_rwhere, &files, &replace, &prefix_links, args) != 4) {
data/bacula-9.6.6/src/filed/job.c:2705:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restorefcmd1, &files, &replace, &prefix_links) != 3) {
data/bacula-9.6.6/src/filed/job.c:2724:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restore_where, &replace, &prefix_links, args) != 3) {
data/bacula-9.6.6/src/filed/job.c:2725:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restore_rwhere, &replace, &prefix_links, args) != 3){
data/bacula-9.6.6/src/filed/job.c:2726:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restorecmd1, &replace, &prefix_links) != 2) {
data/bacula-9.6.6/src/filed/job.c:2915:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_open, &jcr->Ticket) != 1) {
data/bacula-9.6.6/src/filed/restore.c:482:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bmsg->rbuf, rec_header, &VolSessionId, &VolSessionTime, &file_index,
data/bacula-9.6.6/src/filed/status.c:479:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, qstatus2, cmd, &sp.api, sp.api_opts) != 3) {
data/bacula-9.6.6/src/filed/status.c:480:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, qstatus1, cmd) != 1) {
data/bacula-9.6.6/src/filed/verify_vol.c:308:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bmsg->rbuf, rec_header, &VolSessionId, &VolSessionTime, &file_index,
data/bacula-9.6.6/src/findlib/drivetype.c:41:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg0(n,s) fprintf(stderr, s)
data/bacula-9.6.6/src/findlib/drivetype.c:42:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg1(n,s,a1) fprintf(stderr, s, a1)
data/bacula-9.6.6/src/findlib/drivetype.c:43:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg2(n,s,a1,a2) fprintf(stderr, s, a1, a2)
data/bacula-9.6.6/src/findlib/fstype.c:42:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg0(n,s) fprintf(stderr, s)
data/bacula-9.6.6/src/findlib/fstype.c:43:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg1(n,s,a1) fprintf(stderr, s, a1)
data/bacula-9.6.6/src/findlib/fstype.c:44:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dmsg2(n,s,a1,a2) fprintf(stderr, s, a1, a2)
data/bacula-9.6.6/src/findlib/match.c:212:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inc->fname, rp);
data/bacula-9.6.6/src/findlib/match.c:276:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exc->fname, fname);
data/bacula-9.6.6/src/findlib/namedpipe.c:44:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Dmsg(level, ...) printf(__VA_ARGS__ )
data/bacula-9.6.6/src/findlib/namedpipe.c:193:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(self->name, path);
data/bacula-9.6.6/src/lib/attr.c:143:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, p+1);
data/bacula-9.6.6/src/lib/bpipe.c:228:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(bargv[0], bargv); /* call the program */
data/bacula-9.6.6/src/lib/breg.c:255:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result,fname);
data/bacula-9.6.6/src/lib/breg.c:347:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + i, fname + breg[0].rm_eo);
data/bacula-9.6.6/src/lib/bsnprintf.c:972:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, fp_fmt[x], fp_nums[y]);
data/bacula-9.6.6/src/lib/bsnprintf.c:993:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, int_fmt[x], int_nums[y]);
data/bacula-9.6.6/src/lib/bsnprintf.c:1013:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, ll_fmt[x], ll_nums[y]);
data/bacula-9.6.6/src/lib/bsnprintf.c:1033:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, s_fmt[x], s_nums[y]);
data/bacula-9.6.6/src/lib/bsnprintf.c:1053:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, ls_fmt[x], ls_nums[y]);
data/bacula-9.6.6/src/lib/bsock.c:960:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ofname, sizeof(ofname), ofnamefmt, mypid);
data/bacula-9.6.6/src/lib/bsock.c:961:12: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = execl("/bin/netcat", "netcat", "-v", "-p", "20000", "-l", "-o", ofname, NULL);
data/bacula-9.6.6/src/lib/bsock.c:982:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ofname, sizeof(ofname), ofnamefmt, pid);
data/bacula-9.6.6/src/lib/bsockcore.c:1305:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ofname, sizeof(ofname), ofnamefmt, mypid);
data/bacula-9.6.6/src/lib/bsockcore.c:1306:12: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = execl("/bin/netcat", "netcat", "-v", "-p", "20000", "-l", "-o", ofname, NULL);
data/bacula-9.6.6/src/lib/bsockcore.c:1322:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ofname, sizeof(ofname), ofnamefmt, pid);
data/bacula-9.6.6/src/lib/bsys.c:454:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(str, size, format, ap);
data/bacula-9.6.6/src/lib/bsys.c:464:10: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(buf, format, ap);
data/bacula-9.6.6/src/lib/cram-md5.c:138:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(bs->msg, "auth cram-md5c %s ssl=%d", chal, tls_remote_need) == 2) {
data/bacula-9.6.6/src/lib/cram-md5.c:140:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
} else if (sscanf(bs->msg, "auth cram-md5 %s ssl=%d", chal, tls_remote_need) != 2) {
data/bacula-9.6.6/src/lib/cram-md5.c:141:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(bs->msg, "auth cram-md5 %s\n", chal) != 1) {
data/bacula-9.6.6/src/lib/edit.c:539:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, val);
data/bacula-9.6.6/src/lib/edit.c:569:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, str[i]);
data/bacula-9.6.6/src/lib/fnmatch.c:336:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Checking format test: %d - %s", tests[i].nr, tests[i].pattern);
data/bacula-9.6.6/src/lib/ini.c:817:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("cp -f test.cfg test3.cfg");
data/bacula-9.6.6/src/lib/lockmgr.c:1343:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("touch /tmp/afile");
data/bacula-9.6.6/src/lib/lockmgr.c:1344:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("id");
data/bacula-9.6.6/src/lib/lockmgr.c:1354:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("touch /tmp/afile2");
data/bacula-9.6.6/src/lib/lockmgr.c:1355:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("id");
data/bacula-9.6.6/src/lib/lockmgr.c:1424:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
intptr_t ret = system(buf);
data/bacula-9.6.6/src/lib/lz4.c:300:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __FILE__ ": "); \
data/bacula-9.6.6/src/lib/lz4.c:301:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/bacula-9.6.6/src/lib/mem_pool.c:645:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int POOL_MEM::strcat(const char *str)
data/bacula-9.6.6/src/lib/mem_pool.c:658:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int POOL_MEM::strcpy(const char *str)
data/bacula-9.6.6/src/lib/mem_pool.h:96:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int strcpy(const char *str);
data/bacula-9.6.6/src/lib/mem_pool.h:97:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int strcat(const char *str);
data/bacula-9.6.6/src/lib/message.c:301:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exename, l);
data/bacula-9.6.6/src/lib/message.c:313:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exepath, cpath);
data/bacula-9.6.6/src/lib/message.c:1619:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
i = sprintf(*pool_buf, "%s:%d ", get_basename(file), line);
data/bacula-9.6.6/src/lib/message.c:1640:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
i = sprintf(pool_buf, "%s:%d ", get_basename(file), line);
data/bacula-9.6.6/src/lib/message.c:1750:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->msg, pool_buf);
data/bacula-9.6.6/src/lib/message.h:174:89: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void d_msg(const char *file, int line, int64_t level, const char *fmt,...) CHECK_FORMAT(printf, 4, 5);
data/bacula-9.6.6/src/lib/message.h:175:95: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void e_msg(const char *file, int line, int type, int level, const char *fmt,...) CHECK_FORMAT(printf, 5, 6);;
data/bacula-9.6.6/src/lib/message.h:176:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Jmsg(JCR *jcr, int type, utime_t mtime, const char *fmt,...) CHECK_FORMAT(printf, 4, 5);
data/bacula-9.6.6/src/lib/message.h:177:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Qmsg(JCR *jcr, int type, utime_t mtime, const char *fmt,...) CHECK_FORMAT(printf, 4, 5);
data/bacula-9.6.6/src/lib/parse_conf.c:191:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, arg_ptr);
data/bacula-9.6.6/src/lib/sellist.c:208:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, ed1);
data/bacula-9.6.6/src/lib/signal.c:177:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(exepath, exename);
data/bacula-9.6.6/src/lib/signal.c:216:14: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execv(btpath, argv) != 0) {
data/bacula-9.6.6/src/lib/signal.c:270:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/bacula-9.6.6/src/lib/tree.c:330:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->fname, fname);
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:735:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(omsg, str);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:364:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(command, X_OK) < 0){
data/bacula-9.6.6/src/plugins/fd/docker/dkinfo.c:36:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#ifdef sscanf
data/bacula-9.6.6/src/plugins/fd/docker/dkinfo.c:37:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#undef sscanf
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:38:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#ifdef sscanf
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:39:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#undef sscanf
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:115:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(DOCKER_CMD, X_OK) < 0){
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1644:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
status = sscanf(fname, fmt.c_str(), label.c_str(), imageid.c_str());
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1670:22: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
status = sscanf(fname, fmt.c_str(), label.c_str());
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1740:20: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(fname, fmt.c_str(), label.c_str()) == 1 &&
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1741:22: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(p, fmt2.c_str(), imageid.c_str()) == 1){
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1870:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(DOCKER_CMD, X_OK) < 0){
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:567:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass(prompt);
data/bacula-9.6.6/src/qt-console/bcomm/dircomm_auth.cpp:158:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(dir->msg, newOKhello, &dir_version);
data/bacula-9.6.6/src/qt-console/bcomm/dircomm_auth.cpp:162:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(dir->msg, FDOKhello, &dir_version);
data/bacula-9.6.6/src/qt-console/main.cpp:73:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qtTranslator.load(QString("qt_") + QLocale::system().name(),QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/bacula-9.6.6/src/qt-console/main.cpp:77:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
batTranslator.load(QString("bat_") + QLocale::system().name(),QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/bacula-9.6.6/src/qt-console/main.cpp:186:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:43:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:110:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tmp.c_str(), tmp.size(), msg, arg_ptr);
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-ui.h:378:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tray->setToolTip(q.sprintf("Bacula Tray Monitor - %d job%s running", oldnbjobs, oldnbjobs>1?"s":""));
data/bacula-9.6.6/src/qt-console/tray-monitor/win32/qplatformdefs.h:153:35: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define QT_SNPRINTF ::_snprintf
data/bacula-9.6.6/src/qt-console/win32/qplatformdefs.h:153:35: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define QT_SNPRINTF ::_snprintf
data/bacula-9.6.6/src/stored/ansi_label.c:301:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ansi_volname, VolName);
data/bacula-9.6.6/src/stored/askdir.c:220:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, OK_media, vol.VolCatName,
data/bacula-9.6.6/src/stored/bcopy.c:57:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/bextract.c:75:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/bls.c:64:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/bscan.c:106:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/bsdjson.c:79:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/btape.c:2378:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/btape.state", working_directory);
data/bacula-9.6.6/src/stored/btape.c:2440:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/btape.state", working_directory);
data/bacula-9.6.6/src/stored/btape.c:2968:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/cloud_dev.c:204:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p,partnumber);
data/bacula-9.6.6/src/stored/cloud_test.c:35:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/dircmd.c:364:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, storaddr, &jcr->stored_addr, &stored_port,
data/bacula-9.6.6/src/stored/fd_cmds.c:414:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(fd->msg, read_open, jcr->read_dcr->VolumeName, &jcr->read_VolSessionId,
data/bacula-9.6.6/src/stored/job.c:80:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
stat = sscanf(dir->msg, jobcmd, &JobId, job.c_str(), job_name.c_str(),
data/bacula-9.6.6/src/stored/job.c:265:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, query_device, dev_name.c_str()) == 1;
data/bacula-9.6.6/src/stored/label.c:823:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dev->VolHdr.ProgVersion, "Ver. %s %s ", VERSION, BDATE);
data/bacula-9.6.6/src/stored/label.c:824:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dev->VolHdr.ProgDate, "Build %s %s ", __DATE__, __TIME__);
data/bacula-9.6.6/src/stored/reserve.c:287:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, use_storage, store_name.c_str(),
data/bacula-9.6.6/src/stored/reserve.c:316:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, use_device, dev_name.c_str()) == 1;
data/bacula-9.6.6/src/stored/sdcollect.c:241:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, collect_all_cmd, fmt) != 1) {
data/bacula-9.6.6/src/stored/sdcollect.c:242:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, collect_metrics_cmd, fmt, cmd) != 2) {
data/bacula-9.6.6/src/stored/stored.c:76:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/stored/vtape_dev.c:927:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lockfile, pathname);
data/bacula-9.6.6/src/tools/bbatch.c:71:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/tools/bpluginfo.c:328:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirtmp, argv[i]);
data/bacula-9.6.6/src/tools/bsmtp.c:143:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(sfp, fmt, ap);
data/bacula-9.6.6/src/tools/bsmtp.c:148:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/bacula-9.6.6/src/tools/bsmtp.c:235:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tzbuf); /* add +0100 */
data/bacula-9.6.6/src/tools/bsmtp.c:237:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tzbuf); /* add (CEST) */
data/bacula-9.6.6/src/tools/bsnapshot.c:36:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(debug, __VA_ARGS__ ); \
data/bacula-9.6.6/src/tools/bsnapshot.c:43:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__ ); \
data/bacula-9.6.6/src/tools/bsnapshot.c:602:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->path, path);
data/bacula-9.6.6/src/tools/bsnapshot.c:688:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(elt1->path, p);
data/bacula-9.6.6/src/tools/bsnapshot.c:888:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(errmsg, cmd, ed1) == 1) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1125:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(start, "%s (%d:%d)", *ret, &maj, &min) == 3 ||
data/bacula-9.6.6/src/tools/bsnapshot.c:1126:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(start, "%s (%d, %d)", *ret, &maj, &min) == 3)
data/bacula-9.6.6/src/tools/bsnapshot.c:1462:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, p+1);
data/bacula-9.6.6/src/tools/bsnapshot.c:1774:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(arg->mountpoint, W_OK) != 0) {
data/bacula-9.6.6/src/tools/bvfs_test.c:50:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/tools/cats_test.c:47:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bacula-9.6.6/src/tools/cats_test.c:489:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jr.Job, buf);
data/bacula-9.6.6/src/tools/cats_test.c:498:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jr2.Job, jr.Job);
data/bacula-9.6.6/src/tools/cats_test.c:564:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cr2.Name, cr.Name);
data/bacula-9.6.6/src/tools/dbcheck.c:96:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/bacula-9.6.6/src/tools/timelimit.c:203:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bacula-9.6.6/src/tools/timelimit.c:215:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bacula-9.6.6/src/tools/timelimit.c:227:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bacula-9.6.6/src/tools/timelimit.c:508:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/bacula-9.6.6/src/win32/compat/compat.cpp:335:7: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pwszBuf, szDrive);
data/bacula-9.6.6/src/win32/compat/compat.cpp:351:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pwszBuf, pwszCurDirBuf);
data/bacula-9.6.6/src/win32/compat/compat.cpp:354:10: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pwszBuf, pwszCurDirBuf);
data/bacula-9.6.6/src/win32/compat/compat.cpp:517:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy((LPWSTR) *pszUCS, (LPWSTR)g_pWin32ConvUCS2Cache);
data/bacula-9.6.6/src/win32/compat/compat.cpp:536:4: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy((LPWSTR) g_pWin32ConvUCS2Cache, (LPWSTR) *pszUCS);
data/bacula-9.6.6/src/win32/compat/compat.cpp:1253:1: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(const char *, char *[]) {
data/bacula-9.6.6/src/win32/compat/compat.cpp:1357:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog(int type, const char *fmt, ...)
data/bacula-9.6.6/src/win32/compat/compat.cpp:2710:46: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
foo = p_CreateFileW((LPCWSTR) pwszBuf, access, shareMode, NULL, create, msflags, NULL);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2713:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
foo = CreateFile(file, access, shareMode, NULL, create, msflags, NULL);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2897:21: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
char *filename = mktemp(t);
data/bacula-9.6.6/src/win32/compat/compat.h:62:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
( strcpy( (_buf), asctime( (_tm) ) ), \
data/bacula-9.6.6/src/win32/compat/compat.h:66:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
( strcpy( (_buf), ctime( (_clock) ) ), \
data/bacula-9.6.6/src/win32/compat/compat.h:305:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/bacula-9.6.6/src/win32/compat/compat.h:306:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bacula-9.6.6/src/win32/compat/compat.h:306:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bacula-9.6.6/src/win32/compat/compat.h:362:13: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
extern void syslog(int type, const char *fmt, ...);
data/bacula-9.6.6/src/win32/compat/compat.h:372:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/bacula-9.6.6/src/win32/compat/compat.h:374:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int execvp(const char *, char *[]);
data/bacula-9.6.6/src/win32/compat/print.cpp:743:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rval = vsnprintf(str, 128*1024, fmt, ap);
data/bacula-9.6.6/src/win32/compat/print.cpp:756:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rval = vsnprintf(str, count, fmt, ap);
data/bacula-9.6.6/src/win32/compat/syslog.h:28:13: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
extern void syslog(int type, const char *fmt, ...);
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:337:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p_ctx->fd = popen(writer_codes, "w");
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:353:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p_ctx->fd = popen(p_ctx->reader, "r");
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:550:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(omsg, str);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:187:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, full_path);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:300:7: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(saved_log_path, restore_environment->m_wszRestoreLogPath);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:401:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(file_node->filename, restore_environment->m_wszRestoreLogPath);
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:309:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command, (char *)value);
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:335:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context->path_bits[i], path_bit);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:188:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, full_path);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:309:7: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(saved_log_path, restore_environment->m_wszRestoreLogPath);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:425:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(file_node->filename, restore_environment->m_wszRestoreLogPath);
data/bacula-9.6.6/src/win32/filed/vss.h:46:22: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define bwcsdup(str) wcscpy((WCHAR *)bmalloc((wcslen(str)+1)*sizeof(WCHAR)),(str))
data/bacula-9.6.6/src/win32/filed/vss.h:78:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(volumeName, VolumeName);
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:92:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(m_szDevicePath, other.m_szDevicePath);
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:135:7: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(m_szLastKey, c_ScsiPath);
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.h:100:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(m_szDevicePath, other.m_szDevicePath);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:111:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "H:D:M:P:K:d:h?")) != -1) {
data/bacula-9.6.6/platforms/freebsd/tapetest.c:172:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:v?")) != -1) {
data/bacula-9.6.6/src/console/bbconsjson.c:129:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "n:vDabc:d:jl:r:t?")) != -1) {
data/bacula-9.6.6/src/console/conio.c:942:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *termtype = (char *)getenv("TERM");
data/bacula-9.6.6/src/console/console.c:1129:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "D:lc:d:nstu:?C:L")) != -1) {
data/bacula-9.6.6/src/console/console.c:1348:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("HOME");
data/bacula-9.6.6/src/dird/bdirjson.c:132:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "RCDc:d:stv?l:r:n:")) != -1) {
data/bacula-9.6.6/src/dird/dird.c:193:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:fg:mPr:stu:v?T")) != -1) {
data/bacula-9.6.6/src/dird/expand.c:288:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((val = getenv(buf)) == NULL) {
data/bacula-9.6.6/src/filed/bfdjson.c:138:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "Dr:n:c:d:tv?l:")) != -1) {
data/bacula-9.6.6/src/filed/filed.c:108:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:fg:kmPstTu:v?D:")) != -1) {
data/bacula-9.6.6/src/lib/cram-md5.c:62:4: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((t1.tv_sec&0xffff) * (t2.tv_usec&0xff));
data/bacula-9.6.6/src/lib/cram-md5.c:67:58: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bsnprintf(chal, sizeof(chal), "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host);
data/bacula-9.6.6/src/lib/crc32.c:442:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "h?")) != -1) {
data/bacula-9.6.6/src/lib/md5.c:300:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d?")) != -1) {
data/bacula-9.6.6/src/lib/message.c:271:11: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(argv[0], cargv0) != NULL){
data/bacula-9.6.6/src/lib/util.c:675:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shellcmd = getenv("SHELL")) == NULL) {
data/bacula-9.6.6/src/qt-console/main.cpp:107:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bc:d:r:st?")) != -1) {
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:207:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
working_directory = getenv("TMP");
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:222:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:th?TW:")) != -1) {
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:273:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(HOME_VAR) != NULL) {
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:274:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int len = strlen(getenv(HOME_VAR)) + strlen(CONFIG_FILE_HOME) + 5;
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:276:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bsnprintf(configfile, len, "%s/%s", getenv(HOME_VAR), CONFIG_FILE_HOME);
data/bacula-9.6.6/src/stored/bcopy.c:93:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:d:i:o:pvw:?")) != -1) {
data/bacula-9.6.6/src/stored/bextract.c:119:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "Ttb:c:d:e:i:pvV:?")) != -1) {
data/bacula-9.6.6/src/stored/bls.c:112:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:d:e:i:jkLpvV:?EDF:")) != -1) {
data/bacula-9.6.6/src/stored/bscan.c:152:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:d:D:h:o:k:e:a:p:mn:pP:rsSt:u:vV:w:?")) != -1) {
data/bacula-9.6.6/src/stored/bsdjson.c:121:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "Dc:d:tv?r:n:l:")) != -1) {
data/bacula-9.6.6/src/stored/btape.c:211:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(margc, margv, "b:w:c:d:psv?")) != -1) {
data/bacula-9.6.6/src/stored/btape.c:433:10: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/bacula-9.6.6/src/stored/btape.c:435:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p[i] = random();
data/bacula-9.6.6/src/stored/cloud_dev.c:133:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bacula-9.6.6/src/stored/cloud_dev.c:172:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bacula-9.6.6/src/stored/cloud_test.c:169:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:d:vV:?")) != -1) {
data/bacula-9.6.6/src/stored/stored.c:153:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:fg:mpPstu:v?Ti")) != -1) {
data/bacula-9.6.6/src/tools/bbatch.c:125:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bBh:o:k:e:a:c:d:n:P:Su:vf:w:r:?")) != -1) {
data/bacula-9.6.6/src/tools/bpluginfo.c:330:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(dirtmp, progdir) == NULL) {
data/bacula-9.6.6/src/tools/bregex.c:86:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:f:ln?")) != -1) {
data/bacula-9.6.6/src/tools/bregtest.c:70:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "sd:f:e:")) != -1) {
data/bacula-9.6.6/src/tools/bsmtp.c:278:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, options)) != -1) {
data/bacula-9.6.6/src/tools/bsmtp.c:362:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("SMTPSERVER")) != NULL) {
data/bacula-9.6.6/src/tools/bsnapshot.c:208:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
action(getenv("SNAPSHOT_ACTION")),
data/bacula-9.6.6/src/tools/bsnapshot.c:209:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
volume(getenv("SNAPSHOT_VOLUME")),
data/bacula-9.6.6/src/tools/bsnapshot.c:210:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
device(getenv("SNAPSHOT_DEVICE")),
data/bacula-9.6.6/src/tools/bsnapshot.c:211:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
name( getenv("SNAPSHOT_NAME")),
data/bacula-9.6.6/src/tools/bsnapshot.c:212:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
mountpoint(getenv("SNAPSHOT_MOUNTPOINT")),
data/bacula-9.6.6/src/tools/bsnapshot.c:213:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snapmountpoint(getenv("SNAPSHOT_SNAPMOUNTPOINT")),
data/bacula-9.6.6/src/tools/bsnapshot.c:214:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
type( getenv("SNAPSHOT_TYPE")),
data/bacula-9.6.6/src/tools/bsnapshot.c:215:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fstype(getenv("SNAPSHOT_FSTYPE")),
data/bacula-9.6.6/src/tools/bsnapshot.c:1883:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "?d:vc:so:V:T:t")) != -1) {
data/bacula-9.6.6/src/tools/bvfs_test.c:130:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "h:o:k:e:a:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) {
data/bacula-9.6.6/src/tools/bwild.c:61:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:f:iln?")) != -1) {
data/bacula-9.6.6/src/tools/cats_test.c:237:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "qh:c:l:d:n:P:Su:vFw:?p:f:T")) != -1) {
data/bacula-9.6.6/src/tools/dbcheck.c:137:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bc:C:d:fvB?")) != -1) {
data/bacula-9.6.6/src/tools/drivetype.c:83:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "alv?")) != -1) {
data/bacula-9.6.6/src/tools/fstype.c:105:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "lmv?")) != -1) {
data/bacula-9.6.6/src/tools/testfind.c:95:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "ac:d:f:?")) != -1) {
data/bacula-9.6.6/src/tools/testls.c:87:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "ad:e:i:q?")) != -1) {
data/bacula-9.6.6/src/tools/timelimit.c:314:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv(envopts[i].name)) != NULL) {
data/bacula-9.6.6/src/tools/timelimit.c:322:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "+lqpS:s:T:t:")) != -1) {
data/bacula-9.6.6/src/win32/compat/compat.cpp:561:13: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibraryEx(file, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
data/bacula-9.6.6/src/win32/compat/compat.cpp:606:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(void)
data/bacula-9.6.6/src/win32/compat/compat.cpp:612:1: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(unsigned int seed)
data/bacula-9.6.6/src/win32/compat/compat.cpp:614:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2329:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
comspec = getenv("COMSPEC");
data/bacula-9.6.6/src/win32/compat/compat.h:323:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long int random(void);
data/bacula-9.6.6/src/win32/compat/compat.h:324:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom(unsigned int seed);
data/bacula-9.6.6/src/win32/compat/getopt.c:89:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char *const argv[], const char *opstring)
data/bacula-9.6.6/src/win32/compat/getopt.h:32:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/bacula-9.6.6/src/win32/libwin32/service.cpp:168:29: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE kerneldll = LoadLibrary("KERNEL32.DLL");
data/bacula-9.6.6/src/win32/libwin32/service.cpp:521:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE hLib = LoadLibrary("ADVAPI32.DLL");
data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[250];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daemon[20];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monitorname[100];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pw[200];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[1024];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:95:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[16];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:128:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:136:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[100];
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:164:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&sig[j], "%02x", signature[i]);
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:337:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(answer, "BACULA WARNING - << EOD >>");
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:341:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(answer, "BACULA WARNING - BNET_SUB_PROMPT signal received.");
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:352:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(answer, "BACULA CRITICAL - ERROR: BNET_HARDEOF or BNET_ERROR");
data/bacula-9.6.6/platforms/freebsd/tapetest.c:125:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/bacula-9.6.6/platforms/freebsd/tapetest.c:157:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[1000];
data/bacula-9.6.6/platforms/freebsd/tapetest.c:175:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:207:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[0], O_RDWR);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:330:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(cmd);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:353:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open("/dev/urandom", O_RDONLY);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:446:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open("/dev/urandom", O_RDONLY);
data/bacula-9.6.6/src/baconfig.h:574:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen bfopen
data/bacula-9.6.6/src/cats/bvfs.c:342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathid[50];
data/bacula-9.6.6/src/cats/bvfs.c:419:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[50];
data/bacula-9.6.6/src/cats/bvfs.c:883:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], *eclients;
data/bacula-9.6.6/src/cats/bvfs.c:927:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/bvfs.c:1029:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/bvfs.c:1085:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/bvfs.c:1129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/bvfs.c:1223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathid[50];
data/bacula-9.6.6/src/cats/bvfs.c:1270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bacula-9.6.6/src/cats/bvfs.c:1548:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/bvfs.c:1583:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
db->fnl = strlen((char *)res[2]);
data/bacula-9.6.6/src/cats/bvfs.c:1585:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
db->bdb_escape_string(jcr, db->esc_name, (char *)res[2], db->fnl);
data/bacula-9.6.6/src/cats/cats.h:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /* Job unique name */
data/bacula-9.6.6/src/cats/cats.h:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Job base name */
data/bacula-9.6.6/src/cats/cats.h:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PriorJob[MAX_NAME_LENGTH]; /* PriorJob name if any */
data/bacula-9.6.6/src/cats/cats.h:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cSchedTime[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:158:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cStartTime[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cEndTime[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:160:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cRealEndTime[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /* Volume name */
data/bacula-9.6.6/src/cats/cats.h:193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /* Media Type */
data/bacula-9.6.6/src/cats/cats.h:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Storage[MAX_NAME_LENGTH]; /* Storage name */
data/bacula-9.6.6/src/cats/cats.h:253:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LStat[256];
data/bacula-9.6.6/src/cats/cats.h:254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bacula-9.6.6/src/cats/cats.h:268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Pool name */
data/bacula-9.6.6/src/cats/cats.h:286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:287:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LabelFormat[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:295:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Device name */
data/bacula-9.6.6/src/cats/cats.h:313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Device name */
data/bacula-9.6.6/src/cats/cats.h:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /* MediaType string */
data/bacula-9.6.6/src/cats/cats.h:333:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void copy(MEDIA_DBR *omr) { memcpy(this, omr, sizeof(MEDIA_DBR)); sid_group = NULL; };
data/bacula-9.6.6/src/cats/cats.h:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /* Volume name */
data/bacula-9.6.6/src/cats/cats.h:337:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /* Media type */
data/bacula-9.6.6/src/cats/cats.h:377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolStatus[20]; /* Volume status */
data/bacula-9.6.6/src/cats/cats.h:387:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cFirstWritten[MAX_TIME_LENGTH]; /* FirstWritten returned from DB */
data/bacula-9.6.6/src/cats/cats.h:388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cLastWritten[MAX_TIME_LENGTH]; /* LastWritten returned from DB */
data/bacula-9.6.6/src/cats/cats.h:389:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cLabelDate[MAX_TIME_LENGTH]; /* LabelData returned from DB */
data/bacula-9.6.6/src/cats/cats.h:390:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cInitialWrite[MAX_TIME_LENGTH]; /* InitialWrite returned from DB */
data/bacula-9.6.6/src/cats/cats.h:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[30]; /* edited StorageId */
data/bacula-9.6.6/src/cats/cats.h:404:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Client name */
data/bacula-9.6.6/src/cats/cats.h:405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Uname[256]; /* Uname for client */
data/bacula-9.6.6/src/cats/cats.h:410:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Counter[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:414:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WrapCounter[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:421:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSet[MAX_NAME_LENGTH]; /* FileSet name */
data/bacula-9.6.6/src/cats/cats.h:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MD5[50]; /* MD5 signature of include/exclude */
data/bacula-9.6.6/src/cats/cats.h:427:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cCreateTime[MAX_TIME_LENGTH]; /* CreateTime as returned from DB */
data/bacula-9.6.6/src/cats/cats.h:494:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char created_after[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:495:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char created_before[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/cats.h:504:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Snapshot Name */
data/bacula-9.6.6/src/cats/cats.h:505:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSet[MAX_NAME_LENGTH];/* FileSet name if any */
data/bacula-9.6.6/src/cats/cats.h:506:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Client[MAX_NAME_LENGTH]; /* Client name */
data/bacula-9.6.6/src/cats/cats.h:507:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Type[MAX_NAME_LENGTH]; /* zfs, btrfs, lvm, netapp, */
data/bacula-9.6.6/src/cats/cats.h:508:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Comment[MAX_NAME_LENGTH];/* Comment */
data/bacula-9.6.6/src/cats/cats.h:509:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CreateDate[MAX_TIME_LENGTH]; /* Create date as string */
data/bacula-9.6.6/src/cats/cats.h:584:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256]; /* Used to print last dash line */
data/bacula-9.6.6/src/cats/mysql.c:444:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dest, from, expected_len);
data/bacula-9.6.6/src/cats/mysql.c:731:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/postgresql.c:245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10], *port;
data/bacula-9.6.6/src/cats/postgresql.c:288:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *keywords[10] = {"host", "port",
data/bacula-9.6.6/src/cats/postgresql.c:293:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *values[10] = {mdb->m_db_address, /* default localhost */
data/bacula-9.6.6/src/cats/postgresql.c:469:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdb->esc_obj, obj, new_len);
data/bacula-9.6.6/src/cats/postgresql.c:500:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dest, obj, new_len);
data/bacula-9.6.6/src/cats/postgresql.c:833:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[NAMEDATALEN-1];
data/bacula-9.6.6/src/cats/postgresql.c:834:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getkeyval_query[NAMEDATALEN+50];
data/bacula-9.6.6/src/cats/postgresql.c:1135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql.c:452:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql.c:484:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql.c:578:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdb->fname, f, mdb->fnl); /* copy filename */
data/bacula-9.6.6/src/cats/sql.c:588:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdb->path, afname, mdb->pnl);
data/bacula-9.6.6/src/cats/sql.c:652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000], ewc[30];
data/bacula-9.6.6/src/cats/sql.c:801:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000], ewc[30];
data/bacula-9.6.6/src/cats/sql_create.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30],ed2[30];
data/bacula-9.6.6/src/cats/sql_create.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_job[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_create.c:152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[50], ed4[50], ed5[50], ed6[50];
data/bacula-9.6.6/src/cats/sql_create.c:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_lf[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:216:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/cats/sql_create.c:217:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:264:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:288:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr->AutoChanger = atoi(row[1]); /* bool */
data/bacula-9.6.6/src/cats/sql_create.c:322:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:368:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50], ed7[50], ed8[50];
data/bacula-9.6.6/src/cats/sql_create.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed9[50], ed10[50], ed11[50], ed12[50], ed13[50], ed14[50];
data/bacula-9.6.6/src/cats/sql_create.c:371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:372:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_mtype[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:373:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:444:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_create.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:476:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_uname[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:555:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_create.c:614:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:622:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr, &mcr, sizeof(COUNTER_DBR));
data/bacula-9.6.6/src/cats/sql_create.c:656:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_fs[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:657:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_md5[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:991:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_create.c:1109:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_create.c:1220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:1226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_comment[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_create.c:1227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_delete.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_delete.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_delete.c:214:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mr->VolStatus, "Purged");
data/bacula-9.6.6/src/cats/sql_find.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_find.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_find.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_find.c:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:253:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_find.c:254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:298:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_find.c:299:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:372:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_type[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:373:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_find.c:374:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bacula-9.6.6/src/cats/sql_get.c:184:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_get.c:234:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_get.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:279:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:357:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:411:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:496:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:641:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:661:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_get.c:710:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:762:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:788:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_get.c:828:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rr->object, cmd, len);
data/bacula-9.6.6/src/cats/sql_get.c:855:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:856:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:909:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:963:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:964:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:981:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_get.c:1035:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1037:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_NAME_LENGTH*3]; /* Can contain MAX_NAME_LENGTH*2+1 + AND ....='' */
data/bacula-9.6.6/src/cats/sql_get.c:1038:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_NAME_LENGTH*2+1];
data/bacula-9.6.6/src/cats/sql_get.c:1161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1199:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1391:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientid[50], jobid[50], filesetid[50];
data/bacula-9.6.6/src/cats/sql_get.c:1392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1514:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1515:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1560:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1575:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1595:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1628:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1685:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_get.c:1757:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_get.c:1778:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_list.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_list.c:281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:383:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[50];
data/bacula-9.6.6/src/cats/sql_list.c:419:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_list.c:566:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:626:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_list.c:669:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_update.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_update.c:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_update.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50];
data/bacula-9.6.6/src/cats/sql_update.c:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/cats/sql_update.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:150:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[50], ed4[50];
data/bacula-9.6.6/src/cats/sql_update.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PriorJobId[50];
data/bacula-9.6.6/src/cats/sql_update.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sql_update.c:205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_uname[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:256:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50], ed7[50];
data/bacula-9.6.6/src/cats/sql_update.c:257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:292:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_update.c:312:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bacula-9.6.6/src/cats/sql_update.c:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed5[50], ed6[50], ed7[50], ed8[50];
data/bacula-9.6.6/src/cats/sql_update.c:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed9[50], ed10[50], ed11[50], ed12[50];
data/bacula-9.6.6/src/cats/sql_update.c:319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed13[50], ed14[50], ed15[50], ed16[50];
data/bacula-9.6.6/src/cats/sql_update.c:320:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:428:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
data/bacula-9.6.6/src/cats/sql_update.c:429:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:480:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/cats/sql_update.c:481:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/cats/sql_update.c:513:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/cats/sqlite.c:196:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(db_file, ".db");
data/bacula-9.6.6/src/cats/sqlite.c:707:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/console/authenticate.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/console/bbconsjson.c:151:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/console/bbconsjson.c:210:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/console/bbconsjson.c:489:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/console/bbconsjson.c:552:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/console/bbconsjson.c:564:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[3000];
data/bacula-9.6.6/src/console/bbconsjson.c:575:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf, q, len);
data/bacula-9.6.6/src/console/bbconsjson.c:577:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf+len, "\r\n", 3);
data/bacula-9.6.6/src/console/conio.c:71:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" int tgetnum(char id[2]);
data/bacula-9.6.6/src/console/conio.c:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" char *tgetstr(char id[2], char **);
data/bacula-9.6.6/src/console/conio.c:72:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" char *tgetstr(char id[2], char **);
data/bacula-9.6.6/src/console/conio.c:169:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool[POOLEN]; /* line pool */
data/bacula-9.6.6/src/console/conio.c:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_STAB];
data/bacula-9.6.6/src/console/conio.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/console/conio.c:378:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " 0x%x ", c);
data/bacula-9.6.6/src/console/conio.c:386:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " func=%d len=%d\n\r", tstab->func, tstab->len);
data/bacula-9.6.6/src/console/conio.c:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curline[2000]; /* edit buffer */
data/bacula-9.6.6/src/console/conio.c:730:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curline[cp], &curline[cp+cnt], i);
data/bacula-9.6.6/src/console/conio.c:878:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lptr->line,newl,newlen);
data/bacula-9.6.6/src/console/conio.c:927:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/console/conio.c:940:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char term_buf[2048];
data/bacula-9.6.6/src/console/console.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argk[MAX_CMD_ARGS];
data/bacula-9.6.6/src/console/console.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[MAX_CMD_ARGS];
data/bacula-9.6.6/src/console/console.c:424:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, rl_line_buffer, len);
data/bacula-9.6.6/src/console/console.c:474:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, rl_line_buffer + start, end - start + 1);
data/bacula-9.6.6/src/console/console.c:522:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, what+pmatch[1].rm_so, size);
data/bacula-9.6.6/src/console/console.c:1043:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(UA_sock->msg);
data/bacula-9.6.6/src/console/console.c:1166:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/console/console.c:1186:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(optarg);
data/bacula-9.6.6/src/console/console.c:1273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/console/console.c:1582:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[5000];
data/bacula-9.6.6/src/console/console.c:1594:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wait = atoi(argk[2]);
data/bacula-9.6.6/src/console/console.c:1604:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wait = atoi(argv[i]);
data/bacula-9.6.6/src/console/console.c:1659:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sleep(atoi(argk[1]));
data/bacula-9.6.6/src/console/console.c:1720:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50];
data/bacula-9.6.6/src/console/console.c:1734:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/console/console.c:1746:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[3000];
data/bacula-9.6.6/src/console/console.c:1757:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf, q, len);
data/bacula-9.6.6/src/console/console.c:1759:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf+len, "\r\n", 3);
data/bacula-9.6.6/src/dird/admin.c:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50];
data/bacula-9.6.6/src/dird/admin.c:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bacula-9.6.6/src/dird/admin.c:101:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bacula-9.6.6/src/dird/authenticate.c:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/authenticate.c:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/authenticate.c:316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/autoprune.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[100], ed3[50];
data/bacula-9.6.6/src/dird/backup.c:117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_jobid[50];
data/bacula-9.6.6/src/dird/backup.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/backup.c:267:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/backup.c:441:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/backup.c:774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], *jmid;
data/bacula-9.6.6/src/dird/backup.c:859:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50], edl[50];
data/bacula-9.6.6/src/dird/backup.c:860:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30];
data/bacula-9.6.6/src/dird/backup.c:861:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec6[30], ec7[30], ec8[30], ec9[30], ec10[30], elapsed[50];
data/bacula-9.6.6/src/dird/backup.c:862:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_compress[200], comm_compress[200];
data/bacula-9.6.6/src/dird/backup.c:863:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fd_term_msg[100], sd_term_msg[100];
data/bacula-9.6.6/src/dird/backup.c:1109:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edl[50];
data/bacula-9.6.6/src/dird/backup.c:1116:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edt[50], ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/bdirjson.c:170:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/dird/bdirjson.c:225:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/dird/bdirjson.c:467:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lopts[100];
data/bacula-9.6.6/src/dird/bdirjson.c:491:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lopts[100];
data/bacula-9.6.6/src/dird/bdirjson.c:1098:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/bacula-9.6.6/src/dird/bdirjson.c:1106:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/bacula-9.6.6/src/dird/bdirjson.c:1349:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
offset = (char *)(job_items[i].value) - (char *)&res_all;
data/bacula-9.6.6/src/dird/bdirjson.c:1482:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/dird/bsr.c:280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Device[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/bsr.c:351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/bsr.c:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/catreq.c:70:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/dird/catreq.c:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50], ed7[50], ed8[50],
data/bacula-9.6.6/src/dird/catreq.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/catreq.c:519:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->attr, msg, msglen);
data/bacula-9.6.6/src/dird/catreq.c:622:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digestbuf[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bacula-9.6.6/src/dird/dir_plugins.c:474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/dird/dir_plugins.c:494:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/dird/dir_plugins.c:507:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[1000];
data/bacula-9.6.6/src/dird/dir_plugins.c:512:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(my_name, "test-dir");
data/bacula-9.6.6/src/dird/dird.c:211:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/dird/dird.c:901:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
offset = (char *)(job_items[i].value) - (char *)&res_all;
data/bacula-9.6.6/src/dird/dird.c:1425:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[50];
data/bacula-9.6.6/src/dird/dird.c:1504:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/dird/dird_conf.c:844:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100], ed2[100], ed3[100], edl[50];
data/bacula-9.6.6/src/dird/dird_conf.c:921:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/dird_conf.c:926:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev->reserved, dev->open, dev->append, dev->read, dev->labeled,
data/bacula-9.6.6/src/dird/dird_conf.c:1214:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000], num[30];
data/bacula-9.6.6/src/dird/dird_conf.c:2529:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(script, &res_runscript, sizeof(RUNSCRIPT));
data/bacula-9.6.6/src/dird/dird_conf.h:155:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open; /* drive open */
data/bacula-9.6.6/src/dird/dird_conf.h:162:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ChangerName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/dird_conf.h:163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/dird_conf.h:164:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/dird_conf.h:554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[MAX_FOPTS]; /* options string */
data/bacula-9.6.6/src/dird/dird_conf.h:573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_present[INC_KW_MAX+1]; /* set if option is present in conf file */
data/bacula-9.6.6/src/dird/dird_conf.h:597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MD5[30]; /* base 64 representation of MD5 */
data/bacula-9.6.6/src/dird/dird_conf.h:757:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hour[nbytes_for_bits(24)]; /* bit set for each hour */
data/bacula-9.6.6/src/dird/dird_conf.h:758:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mday[nbytes_for_bits(32)]; /* bit set for each day of month */
data/bacula-9.6.6/src/dird/dird_conf.h:759:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[nbytes_for_bits(12)]; /* bit set for each month */
data/bacula-9.6.6/src/dird/dird_conf.h:760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wday[nbytes_for_bits(7)]; /* bit set for each day of the week */
data/bacula-9.6.6/src/dird/dird_conf.h:761:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wom[nbytes_for_bits(6)]; /* week of month */
data/bacula-9.6.6/src/dird/dird_conf.h:762:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woy[nbytes_for_bits(54)]; /* week of year */
data/bacula-9.6.6/src/dird/expand.c:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/bacula-9.6.6/src/dird/expand.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bacula-9.6.6/src/dird/expand.c:198:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/dird/expand.c:204:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, var_ptr, var_len);
data/bacula-9.6.6/src/dird/expand.c:265:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING], *val, *p, *v;
data/bacula-9.6.6/src/dird/expand.c:284:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, var_ptr, var_len + 1);
data/bacula-9.6.6/src/dird/expand.c:342:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, val, p-val);
data/bacula-9.6.6/src/dird/expand.c:371:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/dird/expand.c:375:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, arg_ptr, arg_len);
data/bacula-9.6.6/src/dird/expand.c:378:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, val_ptr, val_len);
data/bacula-9.6.6/src/dird/fd_cmds.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bacula-9.6.6/src/dird/fd_cmds.c:95:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH + 100];
data/bacula-9.6.6/src/dird/fd_cmds.c:185:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_job[MAX_NAME_LENGTH], edl[50];
data/bacula-9.6.6/src/dird/fd_cmds.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/fd_cmds.c:424:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newopts[MAX_FOPTS];
data/bacula-9.6.6/src/dird/fd_cmds.c:547:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/dird/fd_cmds.c:852:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/fd_cmds.c:899:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/dird/fd_cmds.c:940:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[2*(MAXSTRING+1)+1]; /* escaped version of Digest */
data/bacula-9.6.6/src/dird/fd_cmds.c:955:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Digest[MAXSTRING+1]; /* either Verify opts or MD5/SHA1 digest */
data/bacula-9.6.6/src/dird/getmsg.c:141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/getmsg.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MsgType[20];
data/bacula-9.6.6/src/dird/getmsg.c:182:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/getmsg.c:264:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/bacula-9.6.6/src/dird/inc_conf.c:259:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[3];
data/bacula-9.6.6/src/dird/inc_conf.c:390:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)incexe, (void *)&res_incexe, sizeof(INCEXE));
data/bacula-9.6.6/src/dird/inc_conf.c:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/dird/inc_conf.c:748:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inc_opts[100];
data/bacula-9.6.6/src/dird/job.c:304:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&jcr->jr, jr, sizeof(JOB_DBR));
data/bacula-9.6.6/src/dird/job.c:679:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/job.c:1313:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5HashSize];
data/bacula-9.6.6/src/dird/job.c:1394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/job.c:1395:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/jobq.c:656:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50], dt2[50];
data/bacula-9.6.6/src/dird/mac.c:243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/mac.c:316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/mac.c:596:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/mac.c:597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[MAX_NAME_LENGTH + 50];
data/bacula-9.6.6/src/dird/mac.c:624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[MAX_TIME_LENGTH], edt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/mac.c:625:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30], elapsed[50];
data/bacula-9.6.6/src/dird/mac.c:626:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec6[50], ec7[50], ec8[50], ec9[30], ec10[30], edl[50];
data/bacula-9.6.6/src/dird/mac.c:627:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_term_msg[100];
data/bacula-9.6.6/src/dird/mac.c:649:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_jobid[50], new_jobid[50];
data/bacula-9.6.6/src/dird/mac_sql.c:186:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/dird/mac_sql.c:197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/mac_sql.c:518:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/dird/mac_sql.c:656:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bacula-9.6.6/src/dird/mac_sql.c:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bacula-9.6.6/src/dird/msgchan.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_auth_key[100];
data/bacula-9.6.6/src/dird/msgchan.c:184:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/dird/msgchan.c:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/msgchan.c:423:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ErrMsg[256];
data/bacula-9.6.6/src/dird/msgchan.c:544:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/dird/newvol.c:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSTRING];
data/bacula-9.6.6/src/dird/newvol.c:119:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[20];
data/bacula-9.6.6/src/dird/newvol.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/newvol.c:137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%04d", i);
data/bacula-9.6.6/src/dird/next_vol.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/next_vol.c:260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/restore.c:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char files[100];
data/bacula-9.6.6/src/dird/restore.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[MAX_NAME_LENGTH+1];
data/bacula-9.6.6/src/dird/restore.c:638:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[MAX_TIME_LENGTH], edt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/restore.c:639:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], elapsed[50];
data/bacula-9.6.6/src/dird/restore.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100], fd_term_msg[100], sd_term_msg[100];
data/bacula-9.6.6/src/dird/restore.c:697:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), TermCode);
data/bacula-9.6.6/src/dird/run_conf.c:378:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str) - 1;
data/bacula-9.6.6/src/dird/run_conf.c:395:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str+1);
data/bacula-9.6.6/src/dird/run_conf.c:477:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str); /* pick up hour */
data/bacula-9.6.6/src/dird/run_conf.c:478:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p); /* pick up minutes */
data/bacula-9.6.6/src/dird/run_conf.c:535:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str) - 1;
data/bacula-9.6.6/src/dird/run_conf.c:536:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p) - 1;
data/bacula-9.6.6/src/dird/run_conf.c:557:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str+1);
data/bacula-9.6.6/src/dird/run_conf.c:558:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p+1);
data/bacula-9.6.6/src/dird/run_conf.c:674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nrun, &lrun, sizeof(RUN));
data/bacula-9.6.6/src/dird/scheduler.c:443:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/snapshot.c:138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/snapshot.c:269:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[51];
data/bacula-9.6.6/src/dird/snapshot.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH], ed1[50];
data/bacula-9.6.6/src/dird/snapshot.c:650:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150];
data/bacula-9.6.6/src/dird/snapshot.c:700:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[130];
data/bacula-9.6.6/src/dird/ua.h:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argk[MAX_CMD_ARGS]; /* argument keywords */
data/bacula-9.6.6/src/dird/ua.h:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[MAX_CMD_ARGS]; /* argument values */
data/bacula-9.6.6/src/dird/ua.h:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char api_opts[MAX_NAME_LENGTH]; /* Api options */
data/bacula-9.6.6/src/dird/ua.h:109:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ClientName[MAX_NAME_LENGTH]; /* backup client */
data/bacula-9.6.6/src/dird/ua.h:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RestoreClientName[MAX_NAME_LENGTH]; /* restore client */
data/bacula-9.6.6/src/dird/ua.h:111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RestoreMediaType[MAX_NAME_LENGTH]; /* restore Media type when storage override */
data/bacula-9.6.6/src/dird/ua.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_jobid[20];
data/bacula-9.6.6/src/dird/ua_cmds.c:304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_cmds.c:347:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/dird/ua_cmds.c:707:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_cmds.c:748:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_cmds.c:811:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[1024];
data/bacula-9.6.6/src/dird/ua_cmds.c:1134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[60];
data/bacula-9.6.6/src/dird/ua_cmds.c:1170:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trace_flag = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_cmds.c:1179:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hangup = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_cmds.c:1185:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blowup = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_cmds.c:1322:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char since[MAXSTRING];
data/bacula-9.6.6/src/dird/ua_cmds.c:1516:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50];
data/bacula-9.6.6/src/dird/ua_cmds.c:1619:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/dird/ua_cmds.c:1655:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_cmds.c:1668:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/dird/ua_cmds.c:1713:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/dird/ua_cmds.c:1738:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/dird/ua_cmds.c:1797:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_cmds.c:1894:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_cmds.c:1992:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_cmds.c:1993:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_cmds.c:2007:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drive = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_cmds.c:2354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] ;
data/bacula-9.6.6/src/dird/ua_collect.c:550:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prmt[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:302:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:994:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1055:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[50];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_cli[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1739:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1894:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ua->api = atoi(ua->argk[1]);
data/bacula-9.6.6/src/dird/ua_dotcmds.c:2084:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_dotcmds.c:2097:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edl[50];
data/bacula-9.6.6/src/dird/ua_input.c:203:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Enabled = atoi(val);
data/bacula-9.6.6/src/dird/ua_label.c:107:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
beg = atoi(p);
data/bacula-9.6.6/src/dird/ua_label.c:108:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(h);
data/bacula-9.6.6/src/dird/ua_label.c:119:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
beg = end = atoi(p);
data/bacula-9.6.6/src/dird/ua_label.c:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:426:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr.Slot = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_label.c:675:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:756:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:796:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:829:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Slot = atoi(sd->msg);
data/bacula-9.6.6/src/dird/ua_label.c:840:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!is_an_integer(sd->msg) || (Slot=atoi(sd->msg)) <= 0) {
data/bacula-9.6.6/src/dird/ua_label.c:924:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:956:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:1013:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bacula-9.6.6/src/dird/ua_label.c:1085:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_label.c:1086:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_output.c:388:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jr.limit = atoi(ua->argv[j]);
data/bacula-9.6.6/src/dird/ua_output.c:708:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(ua->argv[j]);
data/bacula-9.6.6/src/dird/ua_output.c:724:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(ua->argv[j]);
data/bacula-9.6.6/src/dird/ua_output.c:764:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edl[50];
data/bacula-9.6.6/src/dird/ua_output.c:889:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300], num[10];
data/bacula-9.6.6/src/dird/ua_output.c:988:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2000];
data/bacula-9.6.6/src/dird/ua_prune.c:285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_prune.c:309:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_prune.c:361:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_prune.c:537:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_prune.c:786:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_prune.c:884:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_purge.c:107:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[50];
data/bacula-9.6.6/src/dird/ua_purge.c:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_purge.c:244:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_purge.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_purge.c:352:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_purge.c:538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_purge.c:682:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_query.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bacula-9.6.6/src/dird/ua_query.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prompt[9];
data/bacula-9.6.6/src/dird/ua_query.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subst[9];
data/bacula-9.6.6/src/dird/ua_restore.c:217:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_restore.c:491:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/ua_restore.c:878:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_restore.c:951:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[5000];
data/bacula-9.6.6/src/dird/ua_restore.c:1169:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[500] = "";
data/bacula-9.6.6/src/dird/ua_restore.c:1219:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(rx->component_fname);
data/bacula-9.6.6/src/dird/ua_restore.c:1251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_restore.c:1300:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_restore.c:1350:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/dird/ua_restore.c:1369:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_restore.c:1415:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileset_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_restore.c:1416:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_restore.c:1417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_select[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_run.c:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_run.c:1768:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], edl[50];
data/bacula-9.6.6/src/dird/ua_run.c:1769:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/ua_run.c:1809:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char next_pool[MAX_NAME_LENGTH + 50];
data/bacula-9.6.6/src/dird/ua_run.c:2367:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rc.Priority = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_run.c:2386:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rc.files = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_select.c:35:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/ua_select.c:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/ua_select.c:174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:230:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:360:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:384:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:412:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:462:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:535:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:570:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr, &ocr, sizeof(ocr));
data/bacula-9.6.6/src/dird/ua_select.c:608:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:670:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pr, &opr, sizeof(opr));
data/bacula-9.6.6/src/dird/ua_select.c:754:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:918:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pmsg[MAXSTRING];
data/bacula-9.6.6/src/dird/ua_select.c:1012:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pmsg[MAXSTRING];
data/bacula-9.6.6/src/dird/ua_select.c:1106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char store_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:1111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_select.c:1212:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drive = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_select.c:1227:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drive = atoi(ua->cmd);
data/bacula-9.6.6/src/dird/ua_select.c:1241:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slot = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_select.c:1248:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slot = atoi(ua->cmd);
data/bacula-9.6.6/src/dird/ua_select.c:1351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_select.c:1352:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/bacula-9.6.6/src/dird/ua_select.c:1401:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[1000];
data/bacula-9.6.6/src/dird/ua_select.c:1475:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/dird/ua_select.c:1482:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_select.c:1497:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[1000];
data/bacula-9.6.6/src/dird/ua_select.c:1570:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*drive = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_status.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_status.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *store_address, ed1[50];
data/bacula-9.6.6/src/dird/ua_status.c:307:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prmt[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_status.c:460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], dt1[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/ua_status.c:461:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35], b4[35], b5[35];
data/bacula-9.6.6/src/dird/ua_status.c:694:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], edl[50];
data/bacula-9.6.6/src/dird/ua_status.c:833:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sched_name[MAX_NAME_LENGTH] = {0}, edl[50];
data/bacula-9.6.6/src/dird/ua_status.c:848:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_status.c:856:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
days = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_status.c:998:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/ua_status.c:1093:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sched_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_status.c:1103:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
days = atoi(ua->argv[i]);
data/bacula-9.6.6/src/dird/ua_status.c:1169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/dird/ua_status.c:1170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bacula-9.6.6/src/dird/ua_status.c:1418:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[50], b2[50], b3[50];
data/bacula-9.6.6/src/dird/ua_status.c:1454:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[30], b2[30];
data/bacula-9.6.6/src/dird/ua_status.c:1455:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bacula-9.6.6/src/dird/ua_status.c:1472:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/dird/ua_tree.c:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:336:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/dird/ua_tree.c:417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/dird/ua_tree.c:449:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/dird/ua_tree.c:468:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:589:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[max_level*2+1];
data/bacula-9.6.6/src/dird/ua_tree.c:634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/dird/ua_tree.c:635:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char en1[30], en2[30];
data/bacula-9.6.6/src/dird/ua_tree.c:642:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%d,", (uint32_t)statp->st_nlink);
data/bacula-9.6.6/src/dird/ua_tree.c:655:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " %2d ", (uint32_t)statp->st_nlink);
data/bacula-9.6.6/src/dird/ua_tree.c:657:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%-8.8s %-8.8s",
data/bacula-9.6.6/src/dird/ua_tree.c:661:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%12.12s ", edit_int64(statp->st_size, ec1));
data/bacula-9.6.6/src/dird/ua_tree.c:687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1100];
data/bacula-9.6.6/src/dird/ua_tree.c:688:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[1100], *pcwd;
data/bacula-9.6.6/src/dird/ua_tree.c:759:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[1100];
data/bacula-9.6.6/src/dird/ua_tree.c:760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/dird/ua_tree.c:815:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:847:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:859:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[2000];
data/bacula-9.6.6/src/dird/ua_tree.c:887:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:148:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:162:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:198:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:218:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:244:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:263:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:283:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:311:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr->Slot = atoi(val);
data/bacula-9.6.6/src/dird/ua_update.c:332:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/dird/ua_update.c:526:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/dird/ua_update.c:527:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[130];
data/bacula-9.6.6/src/dird/ua_update.c:878:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
since = atoi(ua->argv[i]) * 24*60*60;
data/bacula-9.6.6/src/dird/ua_update.c:896:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/ua_update.c:933:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bacula-9.6.6/src/dird/vbackup.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/dird/vbackup.c:362:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50];
data/bacula-9.6.6/src/dird/vbackup.c:363:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec3[30], ec4[30], compress[50];
data/bacula-9.6.6/src/dird/vbackup.c:364:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec7[30], ec8[30], elapsed[50];
data/bacula-9.6.6/src/dird/vbackup.c:365:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100], sd_term_msg[100];
data/bacula-9.6.6/src/dird/vbackup.c:435:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bacula-9.6.6/src/dird/vbackup.c:578:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/dird/verify.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100], edl[50];
data/bacula-9.6.6/src/dird/verify.c:437:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], edl[50];
data/bacula-9.6.6/src/dird/verify.c:438:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], elapsed[50];
data/bacula-9.6.6/src/dird/verify.c:439:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100], fd_term_msg[100], sd_term_msg[100];
data/bacula-9.6.6/src/dird/verify.c:597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/dird/verify.c:621:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Opts_Digest[MAXSTRING]; /* Verify Opts or MD5/SHA1 digest */
data/bacula-9.6.6/src/dird/verify.c:705:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/filed/accurate.c:68:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, temp, sizeof(CurFile));
data/bacula-9.6.6/src/filed/accurate.c:273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/filed/accurate.c:386:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/filed/accurate.c:529:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md[CRYPTO_DIGEST_MAX_SIZE];
data/bacula-9.6.6/src/filed/accurate.c:639:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[50], b2[50], b3[50], b4[50], b5[50];
data/bacula-9.6.6/src/filed/authenticate.c:94:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bacula-9.6.6/src/filed/authenticate.c:99:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bacula-9.6.6/src/filed/backup.c:867:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribs[MAXSTRING];
data/bacula-9.6.6/src/filed/backup.c:868:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribsExBuf[MAXSTRING];
data/bacula-9.6.6/src/filed/backup.c:907:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attr.statp, &ff_pkt->statp, sizeof(struct stat));
data/bacula-9.6.6/src/filed/backup.c:1006:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sd->msg + sd->msglen, ff_pkt->object, comp_len);
data/bacula-9.6.6/src/filed/bacl.c:679:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[BUFSIZ];
data/bacula-9.6.6/src/filed/bfdjson.c:171:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/filed/bfdjson.c:220:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/filed/bfdjson.c:432:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/bacula-9.6.6/src/filed/bfdjson.c:440:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/bacula-9.6.6/src/filed/bfdjson.c:636:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/filed/bxattr_freebsd.c:312:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(genlist + a, list + a + 1, stra);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribs[MAXSTRING];
data/bacula-9.6.6/src/filed/bxattr_solaris.c:273:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + len, value, value_len);
data/bacula-9.6.6/src/filed/crypto.c:297:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sd->msg, ff_pkt->digest, ff_pkt->digest_len);
data/bacula-9.6.6/src/filed/estimate.c:109:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attr.statp, &ff_pkt->statp, sizeof(struct stat));
data/bacula-9.6.6/src/filed/fd_plugins.c:728:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attr.statp, &sp.statp, sizeof(struct stat));
data/bacula-9.6.6/src/filed/fd_plugins.c:1868:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/filed/fd_plugins.c:1890:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/filed/fd_plugins.c:2227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[1000];
data/bacula-9.6.6/src/filed/fd_plugins.c:2232:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(my_name, "test-fd");
data/bacula-9.6.6/src/filed/fd_snapshot.c:173:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/bacula-9.6.6/src/filed/fd_snapshot.c:473:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /* Name of the snapshot */
data/bacula-9.6.6/src/filed/fd_snapshot.c:474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Type[MAX_NAME_LENGTH]; /* lvm, btrfs, netapp */
data/bacula-9.6.6/src/filed/fd_snapshot.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FSType[MAX_NAME_LENGTH]; /* btrfs, zfs, ext3 */
data/bacula-9.6.6/src/filed/fd_snapshot.c:476:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CreateDate[MAX_TIME_LENGTH]; /* Creation date */
data/bacula-9.6.6/src/filed/fd_snapshot.c:661:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/bacula-9.6.6/src/filed/fd_snapshot.c:1106:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/filed/fd_snapshot.c:1249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1]; /* Command line */
data/bacula-9.6.6/src/filed/fd_snapshot.c:1700:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/filed/fd_snapshot.c:1756:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/filed/fdcollect.c:158:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user->msg, out.c_str(), len);
data/bacula-9.6.6/src/filed/filed.c:126:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/filed/hello.c:86:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bacula-9.6.6/src/filed/hello.c:107:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bacula-9.6.6/src/filed/hello.c:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_name[500];
data/bacula-9.6.6/src/filed/hello.c:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[150];
data/bacula-9.6.6/src/filed/hello.c:252:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/filed/job.c:274:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char jobname[12] = "*Director*";
data/bacula-9.6.6/src/filed/job.c:509:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bacula-9.6.6/src/filed/job.c:526:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/filed/job.c:737:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/filed/job.c:780:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/filed/job.c:826:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[60];
data/bacula-9.6.6/src/filed/job.c:827:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tags[512];
data/bacula-9.6.6/src/filed/job.c:887:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/filed/job.c:1230:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/filed/job.c:1267:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ffd = fopen(p, "rb")) == NULL) {
data/bacula-9.6.6/src/filed/job.c:1407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/filed/job.c:1690:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strip[100];
data/bacula-9.6.6/src/filed/job.c:1809:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fo->strip_path = atoi(strip);
data/bacula-9.6.6/src/filed/job.c:1962:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/filed/job.c:2273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[4];
data/bacula-9.6.6/src/filed/job.c:2279:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(drive, "c:\\");
data/bacula-9.6.6/src/filed/job.c:2475:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWinDriveLetters[27];
data/bacula-9.6.6/src/filed/job.c:2588:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[100];
data/bacula-9.6.6/src/filed/job.c:3010:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/filed/restore.c:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/filed/restore.c:188:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rds->content, msg, msglen);
data/bacula-9.6.6/src/filed/restore.c:359:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bacula-9.6.6/src/filed/restore.c:1187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/filed/restore.c:1209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bacula-9.6.6/src/filed/restore.c:1422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bacula-9.6.6/src/filed/restore.c:1587:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bacula-9.6.6/src/filed/status.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/bacula-9.6.6/src/filed/status.c:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[32], b2[32], b3[32], b4[32], b5[35];
data/bacula-9.6.6/src/filed/status.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/filed/status.c:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/bacula-9.6.6/src/filed/status.c:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[50], b2[50], b3[50], b4[50], b5[50], b6[50];
data/bacula-9.6.6/src/filed/status.c:236:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/filed/verify.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribs[MAXSTRING];
data/bacula-9.6.6/src/filed/verify.c:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribsEx[MAXSTRING];
data/bacula-9.6.6/src/filed/verify.c:248:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md[CRYPTO_DIGEST_MAX_SIZE];
data/bacula-9.6.6/src/filed/verify_vol.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)]; /* current digest */
data/bacula-9.6.6/src/filed/verify_vol.c:207:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/filed/verify_vol.c:251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bacula-9.6.6/src/filed/win_efs.c:73:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbData, buf, data_len);
data/bacula-9.6.6/src/filed/win_efs.c:152:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, length);
data/bacula-9.6.6/src/filed/win_efs.c:199:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbData, buf, data_len);
data/bacula-9.6.6/src/filed/win_efs.c:265:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(int32_t), data, length);
data/bacula-9.6.6/src/filed/win_efs.c:298:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->rbuf, pbData + ulSent, sd->msglen);
data/bacula-9.6.6/src/findlib/attribs.c:610:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/findlib/bfile.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/findlib/bfile.c:84:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20];
data/bacula-9.6.6/src/findlib/bfile.c:214:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bacula-9.6.6/src/findlib/bfile.c:226:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &v, sizeof(int64_t));
data/bacula-9.6.6/src/findlib/bfile.c:235:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &rv, sizeof(int64_t));
data/bacula-9.6.6/src/findlib/bfile.c:246:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &v, sizeof(int32_t));
data/bacula-9.6.6/src/findlib/bfile.c:255:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &rv, sizeof(int32_t));
data/bacula-9.6.6/src/findlib/bfile.c:1027:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfd->fid = open(fname, (flags | O_CLOEXEC) & ~O_NOATIME, mode);
data/bacula-9.6.6/src/findlib/drivetype.c:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[1000];
data/bacula-9.6.6/src/findlib/enable_priv.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/findlib/enable_priv.c:81:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("AdjustTokenPrivileges set "));
data/bacula-9.6.6/src/findlib/find.c:133:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ff->AccurateOpts, "Cmcs"); /* mtime+ctime+size by default */
data/bacula-9.6.6/src/findlib/find.c:134:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ff->BaseJobOpts, "Jspug5"); /* size+perm+user+group+chk */
data/bacula-9.6.6/src/findlib/find.h:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[20]; /* Options for verify */
data/bacula-9.6.6/src/findlib/find.h:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bacula-9.6.6/src/findlib/find.h:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bacula-9.6.6/src/findlib/find.h:101:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[MAX_FOPTS]; /* verify options */
data/bacula-9.6.6/src/findlib/find.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AccurateOpts[MAX_FOPTS]; /* accurate mode options */
data/bacula-9.6.6/src/findlib/find.h:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BaseJobOpts[MAX_FOPTS]; /* basejob mode options */
data/bacula-9.6.6/src/findlib/find.h:140:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fndrinfo[32]; /* Finder Info */
data/bacula-9.6.6/src/findlib/find.h:189:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[20];
data/bacula-9.6.6/src/findlib/find.h:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AccurateOpts[20];
data/bacula-9.6.6/src/findlib/find.h:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BaseJobOpts[20];
data/bacula-9.6.6/src/findlib/find.h:209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_fstypename[32]; /* cache last file system type name */
data/bacula-9.6.6/src/findlib/find_one.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1]; /* The name */
data/bacula-9.6.6/src/findlib/find_one.c:89:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)dir_ff_pkt, (void *)ff_pkt, sizeof(FF_PKT));
data/bacula-9.6.6/src/findlib/find_one.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bacula-9.6.6/src/findlib/find_one.c:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bacula-9.6.6/src/findlib/find_one.c:347:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ff_pkt->linked->digest, digest, len);
data/bacula-9.6.6/src/findlib/find_one.c:397:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[100];
data/bacula-9.6.6/src/findlib/find_one.c:412:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bacula-9.6.6/src/findlib/fstype.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fstype[1];
data/bacula-9.6.6/src/findlib/fstype.c:458:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bacula-9.6.6/src/findlib/mkpath.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bacula-9.6.6/src/findlib/mkpath.c:84:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->fname, fname, len+1);
data/bacula-9.6.6/src/findlib/mkpath.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_dir[5000];
data/bacula-9.6.6/src/findlib/mkpath.c:228:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[4] = "X:\\";
data/bacula-9.6.6/src/findlib/namedpipe.c:204:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->ifd = self->fd = open(path, mode);
data/bacula-9.6.6/src/findlib/namedpipe.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65*1024], file[128];
data/bacula-9.6.6/src/findlib/namedpipe.c:319:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m = atoi(buf);
data/bacula-9.6.6/src/findlib/savecwd.c:48:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = open(".", O_RDONLY);
data/bacula-9.6.6/src/findlib/win32filter.c:65:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&header + header_pos, *raw, size);
data/bacula-9.6.6/src/jcr.h:242:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /* Unique name of this Job */
data/bacula-9.6.6/src/jcr.h:243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event[MAX_NAME_LENGTH]; /* Current event (python) */
data/bacula-9.6.6/src/jcr.h:367:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FSCreateTime[MAX_TIME_LENGTH]; /* FileSet CreateTime as returned from DB */
data/bacula-9.6.6/src/jcr.h:368:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char since[MAX_TIME_LENGTH]; /* since time */
data/bacula-9.6.6/src/jcr.h:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevJob[MAX_NAME_LENGTH]; /* Previous job name assiciated with since time */
data/bacula-9.6.6/src/jcr.h:446:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stored_addr[MAX_NAME_LENGTH]; /* storage daemon address */
data/bacula-9.6.6/src/jcr.h:447:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevJob[MAX_NAME_LENGTH]; /* Previous job name assiciated with since time */
data/bacula-9.6.6/src/jcr.h:486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stored_addr[MAX_NAME_LENGTH]; /* storage daemon address */
data/bacula-9.6.6/src/jcr.h:487:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_addr[MAX_NAME_LENGTH]; /* client daemon address */
data/bacula-9.6.6/src/jcr.h:563:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/lib/address_conf.c:214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bacula-9.6.6/src/lib/address_conf.c:234:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bacula-9.6.6/src/lib/address_conf.c:269:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/lib/address_conf.c:317:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pnum = atol(port_str);
data/bacula-9.6.6/src/lib/address_conf.c:435:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname_str[1024];
data/bacula-9.6.6/src/lib/address_conf.c:436:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[128];
data/bacula-9.6.6/src/lib/address_conf.c:438:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bacula-9.6.6/src/lib/address_conf.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bacula-9.6.6/src/lib/address_conf.c:560:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bacula-9.6.6/src/lib/address_conf.c:613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clienthost[NI_MAXHOST];
data/bacula-9.6.6/src/lib/address_conf.c:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientservice[NI_MAXSERV];
data/bacula-9.6.6/src/lib/alist.c:226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/alist.c:230:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:241:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/alist.c:245:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:261:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb = atoi(bp);
data/bacula-9.6.6/src/lib/alist.c:288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/alist.c:306:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:323:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:404:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item 10");
data/bacula-9.6.6/src/lib/alist.c:412:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item 10");
data/bacula-9.6.6/src/lib/alist.c:416:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item 15");
data/bacula-9.6.6/src/lib/alist.c:421:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:437:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/alist.c:451:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/attr.c:107:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->attrEx, p, object_len);
data/bacula-9.6.6/src/lib/attr.c:252:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/attr.c:253:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/lib/attr.c:254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char en1[30], en2[30];
data/bacula-9.6.6/src/lib/attr.c:276:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " %2d ", (uint32_t)attr->statp.st_nlink);
data/bacula-9.6.6/src/lib/attr.c:277:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%-8.8s %-8.8s",
data/bacula-9.6.6/src/lib/attr.c:280:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " %18.18s ", edit_int64(attr->statp.st_size, ec1));
data/bacula-9.6.6/src/lib/base64.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/lib/base64.c:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[100];
data/bacula-9.6.6/src/lib/base64.c:266:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(junk, "This is a sample stringa");
data/bacula-9.6.6/src/lib/base64.c:289:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[500];
data/bacula-9.6.6/src/lib/base64.c:385:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rnddata[16] = {
data/bacula-9.6.6/src/lib/base64.c:395:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/base64.c:396:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binbuf[30];
data/bacula-9.6.6/src/lib/bcollector.c:151:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(collector->file, O_WRONLY|O_CREAT|O_APPEND, 0640);
data/bacula-9.6.6/src/lib/bcollector.c:213:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sname.c_str(), O_RDONLY);
data/bacula-9.6.6/src/lib/bcollector.c:247:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sname.c_str(), O_WRONLY|O_CREAT|O_APPEND, 0640);
data/bacula-9.6.6/src/lib/bcollector.c:634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/lib/bjson.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/lib/bjson.c:358:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/bjson.c:365:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/bmtio.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _reserved_padding[256];
data/bacula-9.6.6/src/lib/bnet.c:384:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/bacula-9.6.6/src/lib/bnet_server.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bacula-9.6.6/src/lib/bnet_server.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bacula-9.6.6/src/lib/bnet_server.c:100:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curbuf[256];
data/bacula-9.6.6/src/lib/bpipe.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bargv[MAX_ARGV];
data/bacula-9.6.6/src/lib/breg.c:213:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/lib/breg.c:307:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed[50];
data/bacula-9.6.6/src/lib/bregex.c:137:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *start[NUM_REGISTERS];
data/bacula-9.6.6/src/lib/bregex.c:138:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *end[NUM_REGISTERS];
data/bacula-9.6.6/src/lib/bregex.c:453:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char plain_ops[256];
data/bacula-9.6.6/src/lib/bregex.c:454:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char quoted_ops[256];
data/bacula-9.6.6/src/lib/bregex.c:455:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char precedences[Rnum_ops];
data/bacula-9.6.6/src/lib/bregex.c:464:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char re_syntax_table[256];
data/bacula-9.6.6/src/lib/bregex.c:683:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char small_visited[512], *visited;
data/bacula-9.6.6/src/lib/bregex.c:745:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[256];
data/bacula-9.6.6/src/lib/bregex.h:142:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char re_syntax_table[256];
data/bacula-9.6.6/src/lib/bsnprintf.c:509:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[25];
data/bacula-9.6.6/src/lib/bsnprintf.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/bacula-9.6.6/src/lib/bsnprintf.c:641:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/bacula-9.6.6/src/lib/bsnprintf.c:643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/bacula-9.6.6/src/lib/bsnprintf.c:644:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/bacula-9.6.6/src/lib/bsnprintf.c:646:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[10];
data/bacula-9.6.6/src/lib/bsnprintf.c:861:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[LONG_STRING];
data/bacula-9.6.6/src/lib/bsnprintf.c:862:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[LONG_STRING];
data/bacula-9.6.6/src/lib/bsnprintf.c:863:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MSGLEN];
data/bacula-9.6.6/src/lib/bsock.c:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/lib/bsock.c:616:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, cmsg, msglen);
data/bacula-9.6.6/src/lib/bsock.c:711:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
data/bacula-9.6.6/src/lib/bsock.c:714:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool status = BSOCKCORE::open(jcr, name, host, service, port, heart_beat, fatal);
data/bacula-9.6.6/src/lib/bsock.c:902:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/bsock.c:943:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; // extend this buffer when hexdata becomes longer
data/bacula-9.6.6/src/lib/bsock.c:959:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[30];
data/bacula-9.6.6/src/lib/bsock.c:981:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[30];
data/bacula-9.6.6/src/lib/bsock.c:983:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ofname, O_RDONLY);
data/bacula-9.6.6/src/lib/bsock.h:63:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(JCR *jcr, const char *name, char *host, char *service,
data/bacula-9.6.6/src/lib/bsockcore.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[54];
data/bacula-9.6.6/src/lib/bsockcore.c:190:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
data/bacula-9.6.6/src/lib/bsockcore.c:267:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool BSOCKCORE::open(JCR *jcr, const char *name, char *host, char *service,
data/bacula-9.6.6/src/lib/bsockcore.c:295:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bacula-9.6.6/src/lib/bsockcore.c:296:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curbuf[256];
data/bacula-9.6.6/src/lib/bsockcore.c:1217:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/bsockcore.c:1288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; // extend this buffer when hexdata becomes longer
data/bacula-9.6.6/src/lib/bsockcore.c:1304:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[30];
data/bacula-9.6.6/src/lib/bsockcore.c:1321:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[30];
data/bacula-9.6.6/src/lib/bsockcore.c:1323:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ofname, O_RDONLY);
data/bacula-9.6.6/src/lib/bsockcore.h:122:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(JCR *jcr, const char *name, char *host, char *service,
data/bacula-9.6.6/src/lib/bstat.c:1058:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/bsys.c:61:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(snew, "null");
data/bacula-9.6.6/src/lib/bsys.c:103:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(snew, "null");
data/bacula-9.6.6/src/lib/bsys.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/lib/bsys.c:468:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buf, len);
data/bacula-9.6.6/src/lib/bsys.c:486:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tm, ltm, sizeof(struct tm));
data/bacula-9.6.6/src/lib/bsys.c:592:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[20];
data/bacula-9.6.6/src/lib/bsys.c:598:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfd = open(fname, O_RDONLY|O_BINARY, 0)) < 0 ||
data/bacula-9.6.6/src/lib/bsys.c:628:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfd = open(fname, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY, 0640)) >= 0) {
data/bacula-9.6.6/src/lib/bsys.c:629:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(pidbuf, "%d\n", (int)getpid());
data/bacula-9.6.6/src/lib/bsys.c:646:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[20];
data/bacula-9.6.6/src/lib/bsys.c:649:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*fd = open(fname, O_CREAT|O_RDWR, 0640)) >= 0) {
data/bacula-9.6.6/src/lib/bsys.c:665:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(pidbuf, "%d\n", (int)getpid());
data/bacula-9.6.6/src/lib/bsys.c:721:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[14];
data/bacula-9.6.6/src/lib/bsys.c:748:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(fname, O_RDONLY|O_BINARY)) < 0) {
data/bacula-9.6.6/src/lib/bsys.c:800:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(fname, O_CREAT|O_WRONLY|O_BINARY, 0640)) < 0) {
data/bacula-9.6.6/src/lib/bsys.c:1091:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bacula-9.6.6/src/lib/bsys.c:1093:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_src = open(src, O_RDONLY);
data/bacula-9.6.6/src/lib/bsys.c:1098:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_dst = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
data/bacula-9.6.6/src/lib/bsys.c:1181:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bfd_buf[1000];
data/bacula-9.6.6/src/lib/bsys.c:1254:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#undef fopen
data/bacula-9.6.6/src/lib/bsys.c:1258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[50];
data/bacula-9.6.6/src/lib/bsys.c:1266:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, options);
data/bacula-9.6.6/src/lib/bsys.c:1313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/bacula-9.6.6/src/lib/bsys.c:1366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/bacula-9.6.6/src/lib/bsys.c:1423:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int j = (argc >= 2) ? atoi(argv[1]) : 1;
data/bacula-9.6.6/src/lib/bsys.c:1424:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int maxfd = (argc == 3) ? atoi(argv[2]) : 0;
data/bacula-9.6.6/src/lib/bsys.c:1432:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDONLY);
data/bacula-9.6.6/src/lib/collect.c:221:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/lib/collect.c:362:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/bacula-9.6.6/src/lib/cram-md5.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chal[MAXSTRING];
data/bacula-9.6.6/src/lib/cram-md5.c:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAXSTRING];
data/bacula-9.6.6/src/lib/cram-md5.c:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chal[MAXSTRING];
data/bacula-9.6.6/src/lib/crc32.c:439:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/crc32.c:459:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[0], "rb");
data/bacula-9.6.6/src/lib/crc32.c:481:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rnddata[512] = {
data/bacula-9.6.6/src/lib/daemon.c:123:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDONLY, 0644);
data/bacula-9.6.6/src/lib/dlist.c:373:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/dlist.c:386:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is dlist item %d", i);
data/bacula-9.6.6/src/lib/dlist.c:420:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is dlist item %d", i);
data/bacula-9.6.6/src/lib/dlist.c:452:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bacula-9.6.6/src/lib/dlist.c:485:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZZZZZZZZZZZZZZ");
data/bacula-9.6.6/src/lib/dlist.c:517:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bacula-9.6.6/src/lib/dlist.h:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_str[1];
data/bacula-9.6.6/src/lib/edit.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, mbuf[50];
data/bacula-9.6.6/src/lib/edit.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[50];
data/bacula-9.6.6/src/lib/edit.c:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[50];
data/bacula-9.6.6/src/lib/edit.c:268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_str[20];
data/bacula-9.6.6/src/lib/edit.c:269:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[50];
data/bacula-9.6.6/src/lib/edit.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[200];
data/bacula-9.6.6/src/lib/edit.c:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_str[20];
data/bacula-9.6.6/src/lib/edit.c:345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[50];
data/bacula-9.6.6/src/lib/edit.c:565:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/lib/edit.c:566:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outval[100];
data/bacula-9.6.6/src/lib/flist.c:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/flist.c:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buftmp[30];
data/bacula-9.6.6/src/lib/flist.c:128:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/flist.c:132:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buftmp, "This is item %d", dn++);
data/bacula-9.6.6/src/lib/flist.c:147:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buftmp, "This is item %d", dn++);
data/bacula-9.6.6/src/lib/flist.c:166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/flist.c:178:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", dn++);
data/bacula-9.6.6/src/lib/fnmatch.c:332:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/guid_to_name.c:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/bacula-9.6.6/src/lib/guid_to_name.c:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/bacula-9.6.6/src/lib/guid_to_name.c:182:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/lib/hmac.c:72:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_ipad, key, key_len);
data/bacula-9.6.6/src/lib/hmac.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_opad, k_ipad, PAD_LEN);
data/bacula-9.6.6/src/lib/htable.c:218:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bacula-9.6.6/src/lib/htable.c:230:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)big, (void *)this, sizeof(htable)); /* start with original class data */
data/bacula-9.6.6/src/lib/htable.c:273:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this, big, sizeof(htable)); /* move everything across */
data/bacula-9.6.6/src/lib/htable.c:440:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkey[30];
data/bacula-9.6.6/src/lib/htable.c:456:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(mkey, "This is htable item %d", i) + 1;
data/bacula-9.6.6/src/lib/htable.c:460:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->key, mkey, len);
data/bacula-9.6.6/src/lib/htable.c:479:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mkey, "This is htable item %d", i);
data/bacula-9.6.6/src/lib/htable.h:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[1]; /* first byte */
data/bacula-9.6.6/src/lib/ini.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/lib/ini.c:731:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/bacula-9.6.6/src/lib/ini.h:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameval[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/lib/ini.h:202:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(items, aitems, (i+1) * size);
data/bacula-9.6.6/src/lib/jcr.c:152:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)je, (char *)&job, sizeof(job));
data/bacula-9.6.6/src/lib/jcr.c:1174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[maxlen+1];
data/bacula-9.6.6/src/lib/jcr.c:1233:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[128], buf2[128], buf3[128], buf4[128];
data/bacula-9.6.6/src/lib/lex.c:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/lib/lex.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char more[MAXSTRING];
data/bacula-9.6.6/src/lib/lex.c:161:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lf, of, sizeof(LEX));
data/bacula-9.6.6/src/lib/lex.c:192:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nf, lf, sizeof(LEX));
data/bacula-9.6.6/src/lib/lex.c:248:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fd = fopen(fname, "rb")) == NULL) {
data/bacula-9.6.6/src/lib/lex.c:255:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nf, lf, sizeof(LEX));
data/bacula-9.6.6/src/lib/lockmgr.c:1345:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen("/tmp/aaa", "a"));
data/bacula-9.6.6/src/lib/lockmgr.c:1356:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen("/tmp/aaa2", "a"));
data/bacula-9.6.6/src/lib/lockmgr.c:1421:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bacula-9.6.6/src/lib/lz4.c:220:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/bacula-9.6.6/src/lib/lz4.c:225:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/bacula-9.6.6/src/lib/lz4.c:254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst,src,8);
data/bacula-9.6.6/src/lib/lz4.c:670:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, anchor, lastRun);
data/bacula-9.6.6/src/lib/lz4.c:887:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, anchor, lastRunSize);
data/bacula-9.6.6/src/lib/lz4.c:1178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, ip, length);
data/bacula-9.6.6/src/lib/lz4.c:1217:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dictEnd - copySize, copySize);
data/bacula-9.6.6/src/lib/lz4.c:1224:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, lowPrefix, restSize);
data/bacula-9.6.6/src/lib/lz4.c:1239:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op+4, match, 4);
data/bacula-9.6.6/src/lib/lz4_encoder.h:226:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, anchor, iend - anchor);
data/bacula-9.6.6/src/lib/md5.c:101:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/bacula-9.6.6/src/lib/md5.c:104:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/bacula-9.6.6/src/lib/md5.c:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/bacula-9.6.6/src/lib/md5.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/bacula-9.6.6/src/lib/md5.c:129:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
data/bacula-9.6.6/src/lib/md5.c:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/bacula-9.6.6/src/lib/md5.c:296:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/md5.c:297:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[20];
data/bacula-9.6.6/src/lib/md5.c:319:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[0], "rb");
data/bacula-9.6.6/src/lib/md5.c:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MD5buf[40]; /* 24 should do */
data/bacula-9.6.6/src/lib/md5.c:346:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin[40];
data/bacula-9.6.6/src/lib/md5.h:40:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void MD5Final(unsigned char digest[16], struct MD5Context *ctx);
data/bacula-9.6.6/src/lib/mem_pool.c:396:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/mem_pool.c:438:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/bacula-9.6.6/src/lib/mem_pool.c:443:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%-6d", pool);
data/bacula-9.6.6/src/lib/mem_pool.c:476:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pm+pmlen, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:489:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm+pmlen, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:499:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm+pmlen, str.c_str(), len);
data/bacula-9.6.6/src/lib/mem_pool.c:512:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str()+pmlen, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:523:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str()+pmlen, str.c_str(), len);
data/bacula-9.6.6/src/lib/mem_pool.c:539:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pm, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:551:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:560:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, str.c_str(), len);
data/bacula-9.6.6/src/lib/mem_pool.c:572:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str(), str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:583:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pm, data, n);
data/bacula-9.6.6/src/lib/mem_pool.c:590:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, data, n);
data/bacula-9.6.6/src/lib/mem_pool.c:597:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, data.c_str(), n);
data/bacula-9.6.6/src/lib/mem_pool.c:604:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str(), data, n);
data/bacula-9.6.6/src/lib/mem_pool.c:654:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem+pmlen, str, len);
data/bacula-9.6.6/src/lib/mem_pool.c:666:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, str, len);
data/bacula-9.6.6/src/lib/message.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_engine_name[50] = {0}; /* Database engine name or type */
data/bacula-9.6.6/src/lib/message.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char con_fname[500]; /* Console filename */
data/bacula-9.6.6/src/lib/message.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_name[MAX_NAME_LENGTH] = {0}; /* daemon name is stored here */
data/bacula-9.6.6/src/lib/message.c:55:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[50] = {0}; /* host machine name */
data/bacula-9.6.6/src/lib/message.c:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fail_time[30] = {0}; /* Time of failure */
data/bacula-9.6.6/src/lib/message.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/lib/message.c:326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/lib/message.c:370:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDONLY, 0644);
data/bacula-9.6.6/src/lib/message.c:399:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dnew, d, sizeof(DEST));
data/bacula-9.6.6/src/lib/message.c:416:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->jcr_msgs->send_msg, msg->send_msg, sizeof(msg->send_msg));
data/bacula-9.6.6/src/lib/message.c:425:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon_msgs->send_msg, msg->send_msg, sizeof(msg->send_msg));
data/bacula-9.6.6/src/lib/message.c:439:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(con_fname, O_CREAT|O_RDWR|O_BINARY, 0600);
data/bacula-9.6.6/src/lib/message.c:786:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/lib/message.c:824:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/lib/message.c:912:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/message.c:1112:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[200];
data/bacula-9.6.6/src/lib/message.c:1144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/message.c:1295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/message.c:1334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/message.c:1379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/message.c:1464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[5000];
data/bacula-9.6.6/src/lib/message.c:1952:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *t, tag[256];
data/bacula-9.6.6/src/lib/message.h:105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_types[nbytes_for_bits(M_MAX+1)]; /* message type mask */
data/bacula-9.6.6/src/lib/message.h:133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1]; /* message text */
data/bacula-9.6.6/src/lib/openssl.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bacula-9.6.6/src/lib/output.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/output.c:195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/lib/output.c:389:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/output.h:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char separator_str[2];
data/bacula-9.6.6/src/lib/parse_conf.c:230:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, m_res_all, size);
data/bacula-9.6.6/src/lib/parse_conf.c:308:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, config->m_res_all, size);
data/bacula-9.6.6/src/lib/parse_conf.c:574:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[CRYPTO_DIGEST_MD5_SIZE];
data/bacula-9.6.6/src/lib/parse_conf.c:575:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[100];
data/bacula-9.6.6/src/lib/parse_conf.c:587:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&sig[j], "%02x", digest[i]);
data/bacula-9.6.6/src/lib/parse_conf.c:797:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bsize[500];
data/bacula-9.6.6/src/lib/parse_conf.c:870:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char period[500];
data/bacula-9.6.6/src/lib/parse_conf.c:1219:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szConfigDir[MAX_PATH + 1] = { 0 };
data/bacula-9.6.6/src/lib/parse_conf.c:1262:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_path, config_dir, dir_length + 1);
data/bacula-9.6.6/src/lib/parse_conf.c:1268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&full_path[dir_length], config_file, file_length);
data/bacula-9.6.6/src/lib/parse_conf.h:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_present[MAX_RES_ITEMS]; /* set if item is present in conf file */
data/bacula-9.6.6/src/lib/parse_conf.h:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send_msg[nbytes_for_bits(M_MAX+1)]; /* bit array of types */
data/bacula-9.6.6/src/lib/priv.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[1000];
data/bacula-9.6.6/src/lib/rblist.c:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/lib/rblist.c:403:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bacula-9.6.6/src/lib/runscript.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(RUNSCRIPT));
data/bacula-9.6.6/src/lib/runscript.c:223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXSTRING];
data/bacula-9.6.6/src/lib/scan.c:327:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*file, f, *fnl); /* copy filename */
data/bacula-9.6.6/src/lib/scan.c:334:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*path, fname, *pnl);
data/bacula-9.6.6/src/lib/scan.c:550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/lib/scan.c:554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[200];
data/bacula-9.6.6/src/lib/scan.c:590:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatStatus[20]; /* Volume status */
data/bacula-9.6.6/src/lib/scan.c:591:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatName[MAX_NAME_LENGTH]; /* Desired volume to mount */
data/bacula-9.6.6/src/lib/sellist.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/lib/sellist.c:254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSGLEN];
data/bacula-9.6.6/src/lib/serial.c:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:84:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(int64_t));
data/bacula-9.6.6/src/lib/serial.c:93:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(int64_t));
data/bacula-9.6.6/src/lib/serial.c:104:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:124:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(btime_t));
data/bacula-9.6.6/src/lib/serial.c:133:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(btime_t));
data/bacula-9.6.6/src/lib/serial.c:150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(float64_t));
data/bacula-9.6.6/src/lib/serial.c:159:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(float64_t));
data/bacula-9.6.6/src/lib/serial.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bacula-9.6.6/src/lib/serial.c:229:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(int64_t));
data/bacula-9.6.6/src/lib/serial.c:235:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:239:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:252:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:258:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:262:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(uint64_t));
data/bacula-9.6.6/src/lib/serial.c:275:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(btime_t));
data/bacula-9.6.6/src/lib/serial.c:281:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(btime_t));
data/bacula-9.6.6/src/lib/serial.c:285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(btime_t));
data/bacula-9.6.6/src/lib/serial.c:305:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(float64_t));
data/bacula-9.6.6/src/lib/serial.c:311:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(float64_t));
data/bacula-9.6.6/src/lib/serial.c:315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(float64_t));
data/bacula-9.6.6/src/lib/serial.h:115:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ser_int128(x) memcpy(ser_ptr, x, sizeof(int128_t)), ser_ptr += sizeof(int128_t)
data/bacula-9.6.6/src/lib/serial.h:118:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ser_bytes(x, len) memcpy(ser_ptr, (x), (len)), ser_ptr += (len)
data/bacula-9.6.6/src/lib/serial.h:155:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define unser_int128(x) memcpy(ser_ptr, x, sizeof(int128_t)), ser_ptr += sizeof(int128_t)
data/bacula-9.6.6/src/lib/serial.h:158:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define unser_bytes(x, len) memcpy((x), ser_ptr, (len)), ser_ptr += (len)
data/bacula-9.6.6/src/lib/sha1.c:409:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *testarray[NRTESTS] =
data/bacula-9.6.6/src/lib/sha1.c:448:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = SHA1Update(&sha, (const unsigned char *) testarray[j], strlen(testarray[j]));
data/bacula-9.6.6/src/lib/sha1.c:474:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = SHA1Update(&sha,(const unsigned char *) testarray[1], 1);
data/bacula-9.6.6/src/lib/sha1.c:493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bacula-9.6.6/src/lib/sha1.c:494:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[25];
data/bacula-9.6.6/src/lib/sha1.c:500:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[1], "rb");
data/bacula-9.6.6/src/lib/sha2.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/bacula-9.6.6/src/lib/sha2.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/bacula-9.6.6/src/lib/sha2.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/bacula-9.6.6/src/lib/sha2.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/bacula-9.6.6/src/lib/sha2.c:663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/bacula-9.6.6/src/lib/sha2.c:680:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/bacula-9.6.6/src/lib/sha2.c:763:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/bacula-9.6.6/src/lib/sha2.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/bacula-9.6.6/src/lib/sha2.c:835:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2 * SHA512_DIGEST_SIZE + 1];
data/bacula-9.6.6/src/lib/sha2.c:841:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + 2 * i, "%02x", digest[i]);
data/bacula-9.6.6/src/lib/sha2.c:853:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *vectors[4][3] =
data/bacula-9.6.6/src/lib/sha2.c:894:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA512_DIGEST_SIZE];
data/bacula-9.6.6/src/lib/sha2.h:58:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA256_BLOCK_SIZE];
data/bacula-9.6.6/src/lib/sha2.h:65:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA512_BLOCK_SIZE];
data/bacula-9.6.6/src/lib/signal.c:48:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *sig_names[BA_NSIG+1];
data/bacula-9.6.6/src/lib/signal.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bacula-9.6.6/src/lib/signal.c:154:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[5];
data/bacula-9.6.6/src/lib/signal.c:155:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pid_buf[20];
data/bacula-9.6.6/src/lib/signal.c:156:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char btpath[400];
data/bacula-9.6.6/src/lib/signal.c:157:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/bacula-9.6.6/src/lib/signal.c:183:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)working_directory, "/tmp/");
data/bacula-9.6.6/src/lib/signal.c:188:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)working_directory, "/tmp/");
data/bacula-9.6.6/src/lib/signal.c:192:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pid_buf, "%d", (int)main_pid);
data/bacula-9.6.6/src/lib/smartall.c:220:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *)cp)[head->ablen - 1] != ((((intptr_t) cp) & 0xFF) ^ 0xC5)) {
data/bacula-9.6.6/src/lib/smartall.c:332:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ptr, (int)sm_min(size, osize));
data/bacula-9.6.6/src/lib/smartall.c:414:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[500];
data/bacula-9.6.6/src/lib/smartall.c:422:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bacula-9.6.6/src/lib/smartall.c:475:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *) ap)[((struct abufhead *)ap)->ablen - 1] !=
data/bacula-9.6.6/src/lib/smartall.c:507:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[80];
data/bacula-9.6.6/src/lib/smartall.c:526:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg + strlen(errmsg), " %02X",
data/bacula-9.6.6/src/lib/smartall.c:529:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg + strlen(errmsg), " %c ",
data/bacula-9.6.6/src/lib/status.h:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char api_opts[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/lib/status.h:63:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user->msg, msg, len+1);
data/bacula-9.6.6/src/lib/status.h:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[30], b2[30];
data/bacula-9.6.6/src/lib/status.h:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bacula-9.6.6/src/lib/status.h:100:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/lib/status.h:102:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/lib/tcpd.h:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
data/bacula-9.6.6/src/lib/tcpd.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
data/bacula-9.6.6/src/lib/tcpd.h:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[STRING_LENGTH]; /* access via eval_user(request) */
data/bacula-9.6.6/src/lib/tcpd.h:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
data/bacula-9.6.6/src/lib/tcpd.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid[10]; /* access via eval_pid(request) */
data/bacula-9.6.6/src/lib/tls.c:79:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer[256];
data/bacula-9.6.6/src/lib/tls.c:80:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject[256];
data/bacula-9.6.6/src/lib/tls.c:274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/bacula-9.6.6/src/lib/tree.c:464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/bacula-9.6.6/src/lib/tree.c:507:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathbuf[MAXPATHLEN];
data/bacula-9.6.6/src/lib/tree.c:508:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAXPATHLEN];
data/bacula-9.6.6/src/lib/tree.c:567:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/bacula-9.6.6/src/lib/tree.h:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[1]; /* first byte */
data/bacula-9.6.6/src/lib/util.c:164:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(buf, "%04d-%02d-%02d %02d:%02d:%02d",
data/bacula-9.6.6/src/lib/util.c:287:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/lib/util.c:661:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXSTRING];
data/bacula-9.6.6/src/lib/util.c:713:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5key[16], md5key1[16];
data/bacula-9.6.6/src/lib/util.c:714:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/bacula-9.6.6/src/lib/util.c:869:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[50];
data/bacula-9.6.6/src/lib/util.c:870:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_ESCAPE_NAME_LENGTH];
data/bacula-9.6.6/src/lib/var.c:69:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char char_class_t[256]; /* 256 == 2 ^ sizeof(unsigned char)*8 */
data/bacula-9.6.6/src/lib/var.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[((sizeof(int)*8)/3)+10];
data/bacula-9.6.6/src/lib/var.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->bufptr, buffer, bufsize);
data/bacula-9.6.6/src/lib/var.c:239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upper, lower, sizeof(var_parse_t));
data/bacula-9.6.6/src/lib/var.c:324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, len);
data/bacula-9.6.6/src/lib/var.c:360:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, output->begin, output->end - output->begin);
data/bacula-9.6.6/src/lib/var.c:383:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)output->end, data, len);
data/bacula-9.6.6/src/lib/var.c:1391:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[((sizeof(int)*8)/3)+10]; /* sufficient size: <#bits> x log_10(2) + safety */
data/bacula-9.6.6/src/lib/var.c:1392:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)(data->end - data->begin));
data/bacula-9.6.6/src/lib/var.c:1853:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/bacula-9.6.6/src/lib/var.c:2717:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
str = (char *)var_errors[rc];
data/bacula-9.6.6/src/lib/worker.c:401:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/worker.c:414:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/lib/worker.c:425:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This is item %d", i);
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[512];
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:673:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[10];
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *envp[3];
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:767:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*param = atoi(value);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1627:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *paramtab[10];
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:87:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Digest, dig, DKIDDIGESTSIZE);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:92:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Digest, dig, len);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:93:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Digest + len, "(...)\0", 6);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:96:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DigestShort, dig, DKIDDIGESTShortSIZE);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:146:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Digest, other.Digest, DKIDDIGESTSIZE);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DigestShort, other.DigestShort, DKIDDIGESTShortSIZE);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.h:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Digest[DKIDDIGESTSIZE + 1];
data/bacula-9.6.6/src/plugins/fd/docker/dkid.h:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DigestShort[DKIDDIGESTShortSIZE + 1];
data/bacula-9.6.6/src/plugins/fd/docker/dkinfo.c:188:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suff[2];
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:793:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dkfd = open(wname.c_str(), O_RDONLY);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:835:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dkfd = open(fname, O_CREAT|O_WRONLY, 0640);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:875:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dkfd = open(wname.c_str(), O_WRONLY);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1026:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(flog.c_str(), O_RDONLY);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[MAX_NAME_LENGTH]; /* base name */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:173:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_NAME_LENGTH]; /* group of backup */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH]; /* job name */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev[MAX_NAME_LENGTH]; /* based on jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root[MAX_NAME_LENGTH]; /* root of this branch */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rootdiff[MAX_NAME_LENGTH]; /* root of diff if any */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:263:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/plugins/fd/fd_common.h:264:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curkey[MAX_NAME_LENGTH]; /* key */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:265:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curjobname[MAX_NAME_LENGTH]; /* jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevjob[MAX_NAME_LENGTH]; /* last jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rootjob[MAX_NAME_LENGTH]; /* root jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/plugins/fd/fd_common.h:349:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/plugins/fd/fd_common.h:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curkey[MAX_NAME_LENGTH]; /* key */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curjobname[MAX_NAME_LENGTH]; /* jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:352:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevjob[MAX_NAME_LENGTH]; /* last jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rootjob[MAX_NAME_LENGTH]; /* root jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/plugins/fd/fd_common.h:499:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curkey[MAX_NAME_LENGTH]; /* key */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:500:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobname[MAX_NAME_LENGTH]; /* jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:501:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevjob[MAX_NAME_LENGTH]; /* last jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:502:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rootjob[MAX_NAME_LENGTH]; /* root jobname */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:503:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/plugins/fd/test-deltaseq-fd.c:356:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(io->fname, "r+");
data/bacula-9.6.6/src/plugins/fd/test-deltaseq-fd.c:358:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(io->fname, "w"); /* file doesn't exist,create it */
data/bacula-9.6.6/src/plugins/fd/test-deltaseq-fd.c:368:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(self->fname, "r");
data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[1000];
data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c:274:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(q, "w")) != NULL) {
data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c:577:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(q, "w")) != NULL) {
data/bacula-9.6.6/src/plugins/sd/main.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[1000];
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/qt-console/bcomm/dircomm_auth.cpp:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/console/console.cpp:575:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/qt-console/job/job.cpp:386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/qt-console/main.cpp:117:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/qt-console/mainwin.cpp:644:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/qt-console/mediainfo/mediainfo.cpp:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/qt-console/medialist/mediaview.cpp:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/qt-console/qstd.cpp:71:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool fileExists = outfile.open(QIODevice::ReadOnly);
data/bacula-9.6.6/src/qt-console/qstd.cpp:81:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile.open(QIODevice::WriteOnly);
data/bacula-9.6.6/src/qt-console/qstd.cpp:94:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool fileExists = infile.open(QIODevice::ReadOnly);
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modes[20], user[20], group[20], size[20], date[30];
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marked[10];
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:310:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1000];
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:375:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1000];
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1000];
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:433:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cd_cmd[MAXSTRING];
data/bacula-9.6.6/src/qt-console/select/select.cpp:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/bacula-9.6.6/src/qt-console/storage/content.cpp:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/qt-console/testprogs/examp/mainwindow.cpp:112:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QFile::Text)) {
data/bacula-9.6.6/src/qt-console/tray-monitor/authenticate.cpp:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/conf.cpp:80:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(tmp.c_str(), "w");
data/bacula-9.6.6/src/qt-console/tray-monitor/conf.cpp:287:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/qt-console/tray-monitor/dirstatus.cpp:47:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/qt-console/tray-monitor/fdstatus.cpp:48:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/qt-console/tray-monitor/filesmodel.h:207:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/qt-console/tray-monitor/pluginwizardpage.cpp:156:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.cpp:256:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.cpp:349:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "r");
data/bacula-9.6.6/src/qt-console/tray-monitor/sdstatus.cpp:47:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/qt-console/tray-monitor/task.cpp:1075:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/qt-console/tray-monitor/task.cpp:1178:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name.toLatin1().data(), "r");
data/bacula-9.6.6/src/qt-console/tray-monitor/task.cpp:1483:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret->open(QIODevice::WriteOnly);
data/bacula-9.6.6/src/qt-console/tray-monitor/task.h:66:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[256];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:232:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tray.have_systray = (atoi(optarg) != 0);
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:243:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-ui.h:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Client[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSet[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Storage[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RStorage[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurrentFile[4096];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugins[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char started[32]; /* ISO date */
data/bacula-9.6.6/src/qt-console/tray-monitor/tray_conf.h:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reloaded[32]; /* ISO date */
data/bacula-9.6.6/src/qt-console/tray-monitor/win32/qplatformdefs.h:133:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define QT_FOPEN ::fopen
data/bacula-9.6.6/src/qt-console/util/fmtwidgetitem.cpp:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/qt-console/util/fmtwidgetitem.cpp:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/qt-console/util/fmtwidgetitem.cpp:246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bacula-9.6.6/src/qt-console/win32/qplatformdefs.h:133:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define QT_FOPEN ::fopen
data/bacula-9.6.6/src/stored/acquire.c:71:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/acquire.c:215:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/acquire.c:485:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bacula-9.6.6/src/stored/ansi_label.c:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80]; /* tape label */
data/bacula-9.6.6/src/stored/ansi_label.c:269:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ansi_volname[7]; /* 6 char + \0 */
data/bacula-9.6.6/src/stored/ansi_label.c:270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80]; /* tape label */
data/bacula-9.6.6/src/stored/ansi_label.c:271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[20]; /* ansi date buffer */
data/bacula-9.6.6/src/stored/append.c:72:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/append.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec[50];
data/bacula-9.6.6/src/stored/append.c:184:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bacula-9.6.6/src/stored/askdir.c:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastVolume[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/askdir.c:436:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50], ed7[50], ed8[50];
data/bacula-9.6.6/src/stored/autochanger.c:686:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *p;
data/bacula-9.6.6/src/stored/autochanger.c:736:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/bacula-9.6.6/src/stored/autochanger.c:756:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(add, "%d", dcr->dev->drive_index);
data/bacula-9.6.6/src/stored/autochanger.c:763:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(add, "%d", dcr->VolCatInfo.Slot - 1);
data/bacula-9.6.6/src/stored/autochanger.c:767:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(add, "%d", dcr->VolCatInfo.Slot);
data/bacula-9.6.6/src/stored/bcopy.c:110:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/bextract.c:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bacula-9.6.6/src/stored/bextract.c:149:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/bextract.c:250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/bextract.c:330:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/bextract.c:483:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/bextract.c:548:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/block.c:131:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/block.c:455:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/block.c:736:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/block.h:162:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ser_buf[BLKHDR2_LENGTH]; /* Serial buffer for adata */
data/bacula-9.6.6/src/stored/block_util.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[BLKHDR_ID_LENGTH+1];
data/bacula-9.6.6/src/stored/block_util.c:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/block_util.c:184:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, eblock, sizeof(DEV_BLOCK));
data/bacula-9.6.6/src/stored/block_util.c:186:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->buf, eblock->buf, buf_len);
data/bacula-9.6.6/src/stored/block_util.c:189:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->rechdr_queue, eblock->rechdr_queue, rechdr_len);
data/bacula-9.6.6/src/stored/block_util.c:347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[BLKHDR_ID_LENGTH+1];
data/bacula-9.6.6/src/stored/block_util.c:541:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/bls.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bacula-9.6.6/src/stored/bls.c:138:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/bls.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/bls.c:423:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[100];
data/bacula-9.6.6/src/stored/bscan.c:176:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/bscan.c:204:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db_port = atoi(optarg);
data/bacula-9.6.6/src/stored/bscan.c:296:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/bscan.c:380:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/bscan.c:418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/stored/bscan.c:425:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bacula-9.6.6/src/stored/bscan.c:714:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[30];
data/bacula-9.6.6/src/stored/bscan.c:1219:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char term_code[70];
data/bacula-9.6.6/src/stored/bscan.c:1220:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50];
data/bacula-9.6.6/src/stored/bscan.c:1221:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30];
data/bacula-9.6.6/src/stored/bscan.c:1239:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Job Termination code: %d"), mjcr->JobStatus);
data/bacula-9.6.6/src/stored/bsdjson.c:156:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/bsdjson.c:206:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/stored/bsdjson.c:473:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/bacula-9.6.6/src/stored/bsdjson.c:678:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bacula-9.6.6/src/stored/bsr.h:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/bsr.h:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/bsr.h:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH]; /* ***FIXME*** use alist here */
data/bacula-9.6.6/src/stored/bsr.h:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/bsr.h:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/bsr.h:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH]; /* ***FIXME*** use alist here */
data/bacula-9.6.6/src/stored/bsr.h:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ClientName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/bsr.h:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/btape.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/bacula-9.6.6/src/stored/btape.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/btape.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argk[MAX_CMD_ARGS];
data/bacula-9.6.6/src/stored/btape.c:99:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[MAX_CMD_ARGS];
data/bacula-9.6.6/src/stored/btape.c:163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/stored/btape.c:232:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/btape.c:381:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/btape.c:396:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/btape.c:427:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bacula-9.6.6/src/stored/btape.c:601:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bacula-9.6.6/src/stored/btape.c:653:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bacula-9.6.6/src/stored/btape.c:673:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bacula-9.6.6/src/stored/btape.c:904:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200];
data/bacula-9.6.6/src/stored/btape.c:949:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200];
data/bacula-9.6.6/src/stored/btape.c:1031:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_size = atoi(argv[i]);
data/bacula-9.6.6/src/stored/btape.c:1039:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_file = atoi(argv[i]);
data/bacula-9.6.6/src/stored/btape.c:1504:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loaded = atoi(results);
data/bacula-9.6.6/src/stored/btape.c:1837:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bacula-9.6.6/src/stored/btape.c:1859:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bacula-9.6.6/src/stored/btape.c:1936:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(cmd);
data/bacula-9.6.6/src/stored/btape.c:1964:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/btape.c:2047:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/btape.c:2048:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/btape.c:2159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/btape.c:2160:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/btape.c:2340:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/btape.c:2379:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_CREAT|O_TRUNC|O_WRONLY, 0640);
data/bacula-9.6.6/src/stored/btape.c:2441:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_RDONLY);
data/bacula-9.6.6/src/stored/btape.c:2708:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/btape.c:2779:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_block->buf, block->buf, this_block->buf_len);
data/bacula-9.6.6/src/stored/btape.c:2812:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(cmd);
data/bacula-9.6.6/src/stored/btape.c:3083:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/butil.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/bacula-9.6.6/src/stored/butil.c:49:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _("Nohdr,"));
data/bacula-9.6.6/src/stored/butil.c:52:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _("partial,"));
data/bacula-9.6.6/src/stored/butil.c:55:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _("empty,"));
data/bacula-9.6.6/src/stored/butil.c:58:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _("Nomatch,"));
data/bacula-9.6.6/src/stored/butil.c:61:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _("cont,"));
data/bacula-9.6.6/src/stored/butil.c:140:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/cloud_dev.c:202:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char partnumber[20];
data/bacula-9.6.6/src/stored/cloud_dev.c:330:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xferbuf[32];
data/bacula-9.6.6/src/stored/cloud_dev.c:739:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/cloud_dev.c:865:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/cloud_dev.c:1073:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fd = ::open(archive_name.c_str(), mode|O_CLOEXEC, 0640)) < 0) {
data/bacula-9.6.6/src/stored/cloud_dev.c:1565:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/cloud_dev.c:2231:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part->index = atoi(&ext[1]);
data/bacula-9.6.6/src/stored/cloud_driver.h:62:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char partnumber[20];
data/bacula-9.6.6/src/stored/cloud_test.c:101:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/cloud_test.c:191:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:208:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec[30];
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:667:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec0[30],ec1[30],ec2[30],ec3[30],ec4[30];
data/bacula-9.6.6/src/stored/dev.c:394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/bacula-9.6.6/src/stored/dev.c:684:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/bacula-9.6.6/src/stored/dev.c:830:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/dev.h:226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatStatus[20]; /* Volume status */
data/bacula-9.6.6/src/stored/dev.h:227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatName[MAX_NAME_LENGTH]; /* Desired volume to mount */
data/bacula-9.6.6/src/stored/dev.h:337:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH]; /* pool name */
data/bacula-9.6.6/src/stored/dev.h:338:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH]; /* pool type */
data/bacula-9.6.6/src/stored/dev.h:339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved_pool_name[MAX_NAME_LENGTH]; /* pool name for reserves */
data/bacula-9.6.6/src/stored/dev.h:341:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LoadedVolName[MAX_NAME_LENGTH]; /* Last loaded Volume */
data/bacula-9.6.6/src/stored/dev.h:342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_holder[12]; /* holder of SCSI lock */
data/bacula-9.6.6/src/stored/dev.h:757:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /* Volume name */
data/bacula-9.6.6/src/stored/dev.h:758:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH]; /* pool name */
data/bacula-9.6.6/src/stored/dev.h:759:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH]; /* pool type */
data/bacula-9.6.6/src/stored/dev.h:760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_type[MAX_NAME_LENGTH]; /* media type */
data/bacula-9.6.6/src/stored/dev.h:761:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH]; /* dev name */
data/bacula-9.6.6/src/stored/device.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevVolName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/device.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[30], b2[30];
data/bacula-9.6.6/src/stored/device.c:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bacula-9.6.6/src/stored/dircmd.c:358:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_auth_key[200];
data/bacula-9.6.6/src/stored/dircmd.c:361:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:448:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[60];
data/bacula-9.6.6/src/stored/dircmd.c:449:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tags[512];
data/bacula-9.6.6/src/stored/dircmd.c:501:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:691:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/dircmd.c:793:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volname[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:794:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtype[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:1636:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/dircmd.c:1637:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volumename[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/ebcdic.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char to_ascii_table[256] = {
data/bacula-9.6.6/src/stored/ebcdic.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char to_ebcdic_table[256] = {
data/bacula-9.6.6/src/stored/fd_cmds.c:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/stored/file_dev.c:40:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags | O_CLOEXEC);
data/bacula-9.6.6/src/stored/file_dev.c:186:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fd = ::open(archive_name.c_str(), mode|O_CLOEXEC, 0640)) < 0) {
data/bacula-9.6.6/src/stored/file_dev.c:284:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dev->m_fd = ::open(archive_name.c_str(), mode|O_CLOEXEC, st.st_mode)) < 0) {
data/bacula-9.6.6/src/stored/file_dev.c:433:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/stored/file_driver.c:369:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part->index = atoi(&ext[1]);
data/bacula-9.6.6/src/stored/hello.c:135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_name[500];
data/bacula-9.6.6/src/stored/hello.c:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_name[500];
data/bacula-9.6.6/src/stored/job.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_auth_key[200];
data/bacula-9.6.6/src/stored/job.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spool_size[30];
data/bacula-9.6.6/src/stored/job.c:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seed[100];
data/bacula-9.6.6/src/stored/label.c:535:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/label.c:695:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/stored/label.c:897:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/label.c:980:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/label.c:1098:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bacula-9.6.6/src/stored/label.c:1124:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Unknown %d"), VolHdr.LabelType);
data/bacula-9.6.6/src/stored/label.c:1150:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bacula-9.6.6/src/stored/label.c:1173:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30], ec6[30], ec7[30];
data/bacula-9.6.6/src/stored/label.c:1219:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bacula-9.6.6/src/stored/label.c:1355:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bacula-9.6.6/src/stored/label.c:1369:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/stored/mount.c:438:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saveVolumeName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/os.c:286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/stored/parse_bsr.c:283:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/stored/parse_bsr.c:727:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/stored/parse_bsr.c:1056:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRING];
data/bacula-9.6.6/src/stored/read.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec[50];
data/bacula-9.6.6/src/stored/read.c:119:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/read.c:193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/read.c:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bacula-9.6.6/src/stored/read_records.c:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/read_records.c:388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/read_records.c:434:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/stored/read_records.c:463:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bacula-9.6.6/src/stored/read_records.c:496:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/bacula-9.6.6/src/stored/record.h:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[32]; /* Bacula Immortal ... */
data/bacula-9.6.6/src/stored/record.h:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /* Volume name */
data/bacula-9.6.6/src/stored/record.h:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevVolumeName[MAX_NAME_LENGTH]; /* Previous Volume Name */
data/bacula-9.6.6/src/stored/record.h:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolName[MAX_NAME_LENGTH]; /* Pool name */
data/bacula-9.6.6/src/stored/record.h:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH]; /* Pool type */
data/bacula-9.6.6/src/stored/record.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /* Type of this media */
data/bacula-9.6.6/src/stored/record.h:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HostName[MAX_NAME_LENGTH]; /* Host name of writing computer */
data/bacula-9.6.6/src/stored/record.h:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LabelProg[50]; /* Label program name */
data/bacula-9.6.6/src/stored/record.h:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgVersion[50]; /* Program version */
data/bacula-9.6.6/src/stored/record.h:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgDate[50]; /* Program build date/time */
data/bacula-9.6.6/src/stored/record.h:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AlignedVolumeName[MAX_NAME_LENGTH+4]; /* Aligned block volume name */
data/bacula-9.6.6/src/stored/record.h:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[32]; /* Bacula Immortal ... */
data/bacula-9.6.6/src/stored/record.h:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolName[MAX_NAME_LENGTH]; /* Pool name */
data/bacula-9.6.6/src/stored/record.h:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH]; /* Pool type */
data/bacula-9.6.6/src/stored/record.h:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH]; /* base Job name */
data/bacula-9.6.6/src/stored/record.h:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ClientName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/record.h:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /* Unique name of this Job */
data/bacula-9.6.6/src/stored/record.h:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSetName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/record.h:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSetMD5[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/record_read.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/record_read.c:188:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/record_read.c:203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->data+rec->data_len, block->bufp, rec->data_bytes);
data/bacula-9.6.6/src/stored/record_read.c:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->data+rec->data_len, block->bufp, rec->remlen);
data/bacula-9.6.6/src/stored/record_read.c:306:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/record_util.c:40:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", fi);
data/bacula-9.6.6/src/stored/record_util.c:64:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("unknown: %d"), fi);
data/bacula-9.6.6/src/stored/record_util.c:84:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bacula-9.6.6/src/stored/record_util.c:158:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", -stream);
data/bacula-9.6.6/src/stored/record_util.c:229:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bacula-9.6.6/src/stored/record_util.c:288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bacula-9.6.6/src/stored/record_write.c:185:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->bufp, rec->data+rec->data_len-rec->remainder,
data/bacula-9.6.6/src/stored/record_write.c:195:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->bufp, rec->data+rec->data_len-rec->remainder,
data/bacula-9.6.6/src/stored/record_write.c:261:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/reserve.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/reserve.h:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_type[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/reserve.h:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/reserve.h:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/reserve.h:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /* Vol name suggested by DIR */
data/bacula-9.6.6/src/stored/s3_driver.c:631:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part->index = atoi(&(ext[5]));
data/bacula-9.6.6/src/stored/scan.c:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/sd_plugins.c:419:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/stored/sd_plugins.c:439:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/stored/sd_plugins.c:458:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[1000];
data/bacula-9.6.6/src/stored/sd_plugins.c:463:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(my_name, "test-dir");
data/bacula-9.6.6/src/stored/sdcollect.c:215:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user->msg, out.c_str(), len);
data/bacula-9.6.6/src/stored/spool.c:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bacula-9.6.6/src/stored/spool.c:161:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((spool_fd = open(name, O_CREAT|O_TRUNC|O_RDWR|O_BINARY|O_CLOEXEC, 0640)) >= 0) {
data/bacula-9.6.6/src/stored/spool.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/spool.c:439:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30];
data/bacula-9.6.6/src/stored/spool.c:666:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/stored/spool.c:667:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bacula-9.6.6/src/stored/spool.c:755:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bacula-9.6.6/src/stored/status.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edt[50];
data/bacula-9.6.6/src/stored/status.c:288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35];
data/bacula-9.6.6/src/stored/status.c:365:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/status.c:521:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/stored/status.c:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35], b4[35], b5[35];
data/bacula-9.6.6/src/stored/status.c:650:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35];
data/bacula-9.6.6/src/stored/status.c:839:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/stored/status.c:840:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[50], b2[50], b3[50], b4[50];
data/bacula-9.6.6/src/stored/status.c:987:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bs->msg, msg.c_str(), len+1);
data/bacula-9.6.6/src/stored/status.c:1027:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argk[MAX_CMD_ARGS]; /* argument keywords */
data/bacula-9.6.6/src/stored/status.c:1028:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[MAX_CMD_ARGS]; /* argument values */
data/bacula-9.6.6/src/stored/status.c:1061:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
api = atoi(argv[i]);
data/bacula-9.6.6/src/stored/stored.c:171:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/stored/stored.c:523:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/stored/stored_conf.c:464:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/stored/tape_alert.c:86:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXSTRING];
data/bacula-9.6.6/src/stored/tape_dev.h:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alerts[10];
data/bacula-9.6.6/src/stored/tape_worm.c:45:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXSTRING];
data/bacula-9.6.6/src/stored/vbackup.c:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bacula-9.6.6/src/stored/vbackup.c:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bacula-9.6.6/src/stored/vtape_dev.c:913:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open("/dev/null", O_RDWR | O_LARGEFILE, 0600);
data/bacula-9.6.6/src/stored/vtape_dev.c:916:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(pathname, O_RDWR | O_LARGEFILE | O_CLOEXEC, 0600);
data/bacula-9.6.6/src/stored/vtape_dev.c:928:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lockfile, ".l");
data/bacula-9.6.6/src/stored/vtape_dev.c:930:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockfd = ::open(lockfile, O_CREAT | O_RDWR | O_LARGEFILE | O_CLOEXEC, 0600);
data/bacula-9.6.6/src/stored/wait.c:226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/stored/wait.c:270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/bbatch.c:140:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bbatch.c:327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/bacula-9.6.6/src/tools/bbatch.c:334:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(datafile, "r");
data/bacula-9.6.6/src/tools/bbatch.c:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200], ed2[200];
data/bacula-9.6.6/src/tools/bregex.c:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bacula-9.6.6/src/tools/bregex.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bacula-9.6.6/src/tools/bregex.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[500];
data/bacula-9.6.6/src/tools/bregex.c:92:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bregex.c:142:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bacula-9.6.6/src/tools/bregtest.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bacula-9.6.6/src/tools/bregtest.c:76:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bregtest.c:126:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bacula-9.6.6/src/tools/bsmtp.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char my_hostname[MAXSTRING];
data/bacula-9.6.6/src/tools/bsmtp.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/tools/bsmtp.c:226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzbuf[MAXSTRING];
data/bacula-9.6.6/src/tools/bsmtp.c:246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/tools/bsmtp.c:260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mail_port[10];
data/bacula-9.6.6/src/tools/bsmtp.c:307:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bsmtp.c:324:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mailport = atoi(p);
data/bacula-9.6.6/src/tools/bsmtp.c:340:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxlines = (unsigned long) atol(optarg);
data/bacula-9.6.6/src/tools/bsmtp.c:510:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length);
data/bacula-9.6.6/src/tools/bsnapshot.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bacula-9.6.6/src/tools/bsnapshot.c:130:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug = fopen(path, "a");
data/bacula-9.6.6/src/tools/bsnapshot.c:406:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/tools/bsnapshot.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char puuid[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/tools/bsnapshot.c:408:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char otime[MAX_NAME_LENGTH];
data/bacula-9.6.6/src/tools/bsnapshot.c:409:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1];
data/bacula-9.6.6/src/tools/bsnapshot.c:486:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:563:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[50], day[50], hour[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:660:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:716:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:856:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:938:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DayW[50], Month[50], CreateDate[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:939:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *buf[4];
data/bacula-9.6.6/src/tools/bsnapshot.c:1077:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bacula-9.6.6/src/tools/bsnapshot.c:1320:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, *ts, buf[128], *lvname;
data/bacula-9.6.6/src/tools/bsnapshot.c:1371:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:1620:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048]; /* Size for a single line */
data/bacula-9.6.6/src/tools/bsnapshot.c:1785:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/bsnapshot.c:1886:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bvfs_test.c:136:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bvfs_test.c:310:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[200];
data/bacula-9.6.6/src/tools/bvfs_test.c:311:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "/tmp/toto/rep/");
data/bacula-9.6.6/src/tools/bwild.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bacula-9.6.6/src/tools/bwild.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[500];
data/bacula-9.6.6/src/tools/bwild.c:64:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/bwild.c:111:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bacula-9.6.6/src/tools/cats_test.c:219:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/bacula-9.6.6/src/tools/cats_test.c:246:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/cats_test.c:471:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "This string should be 'escaped'");
data/bacula-9.6.6/src/tools/cats_test.c:507:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(jr2.Job, "test");
data/bacula-9.6.6/src/tools/cats_test.c:575:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cr.Uname, "NewUname");
data/bacula-9.6.6/src/tools/cats_test.c:611:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr.PoolType, "Backup");
data/bacula-9.6.6/src/tools/cats_test.c:637:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr2.PoolType, "Restore");
data/bacula-9.6.6/src/tools/cats_test.c:638:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr2.LabelFormat, "VolFormat");
data/bacula-9.6.6/src/tools/dbcheck.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20000];
data/bacula-9.6.6/src/tools/dbcheck.c:155:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/dbcheck.c:430:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int item = atoi(cmd);
data/bacula-9.6.6/src/tools/dbcheck.c:608:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:682:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bacula-9.6.6/src/tools/dbcheck.c:717:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/tools/dbcheck.c:739:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bacula-9.6.6/src/tools/dbcheck.c:774:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bacula-9.6.6/src/tools/dbcheck.c:807:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:851:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:917:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:967:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1008:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1049:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1090:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1127:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1160:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1193:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1227:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1241:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bacula-9.6.6/src/tools/dbcheck.c:1245:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1292:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1305:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bacula-9.6.6/src/tools/dbcheck.c:1309:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bacula-9.6.6/src/tools/dbcheck.c:1338:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[1000];
data/bacula-9.6.6/src/tools/drivetype.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bacula-9.6.6/src/tools/drivetype.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/bacula-9.6.6/src/tools/fstype.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fstype[1];
data/bacula-9.6.6/src/tools/fstype.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bacula-9.6.6/src/tools/gigaslam.c:39:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("gigaslam.gif", "w");
data/bacula-9.6.6/src/tools/grow.c:46:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r+");
data/bacula-9.6.6/src/tools/testfind.c:109:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/testfind.c:284:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[100] = "";
data/bacula-9.6.6/src/tools/testfind.c:330:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[200];
data/bacula-9.6.6/src/tools/testfind.c:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAXSTRING];
data/bacula-9.6.6/src/tools/testfind.c:345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spath[MAXSTRING];
data/bacula-9.6.6/src/tools/testls.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1000];
data/bacula-9.6.6/src/tools/testls.c:97:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bacula-9.6.6/src/tools/testls.c:143:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(inc, "rb");
data/bacula-9.6.6/src/tools/testls.c:156:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(exc, "rb");
data/bacula-9.6.6/src/tools/testls.c:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bacula-9.6.6/src/tools/testls.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bacula-9.6.6/src/tools/testls.c:248:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " %2d ", (uint32_t)statp->st_nlink);
data/bacula-9.6.6/src/tools/testls.c:250:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%-4d %-4d", (int)statp->st_uid, (int)statp->st_gid);
data/bacula-9.6.6/src/tools/testls.c:252:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%10.10s ", edit_uint64(statp->st_size, ec1));
data/bacula-9.6.6/src/tools/testls.c:255:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%4x ", (int)statp->st_rdev);
data/bacula-9.6.6/src/tools/testls.c:257:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " ");
data/bacula-9.6.6/src/win32/compat/compat.cpp:299:7: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(pwszBuf, L"\\\\?\\");
data/bacula-9.6.6/src/win32/compat/compat.cpp:319:7: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t szDrive[3];
data/bacula-9.6.6/src/win32/compat/compat.cpp:583:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/bacula-9.6.6/src/win32/compat/compat.cpp:816:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[1000];
data/bacula-9.6.6/src/win32/compat/compat.cpp:1853:7: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wszBuf[1024];
data/bacula-9.6.6/src/win32/compat/compat.cpp:1854:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuf[1024];
data/bacula-9.6.6/src/win32/compat/compat.cpp:1952:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_VERSION_LONG[64];
data/bacula-9.6.6/src/win32/compat/compat.cpp:1953:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_VERSION[32];
data/bacula-9.6.6/src/win32/compat/compat.cpp:1954:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_RAWVERSION[32];
data/bacula-9.6.6/src/win32/compat/compat.cpp:2002:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bacula-9.6.6/src/win32/compat/compat.cpp:2168:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pExeStart, dwBasePathLength);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2179:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pAltPathname, dwAltNameLength);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2195:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pAltPathname, dwAltNameLength);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2208:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pexe, pAltPathname, dwAltNameLength + 1);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2218:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pexe, pPathname, dwPathnameLength + 1);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2624:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[5000];
data/bacula-9.6.6/src/win32/compat/compat.cpp:2874:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strings[2];
data/bacula-9.6.6/src/win32/compat/compat.cpp:2895:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *t)
data/bacula-9.6.6/src/win32/compat/compat.cpp:2901:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(filename, O_RDWR | O_CREAT, 0600);
data/bacula-9.6.6/src/win32/compat/compat.cpp:2919:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bacula-9.6.6/src/win32/compat/compat.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[256];
data/bacula-9.6.6/src/win32/compat/compat.h:288:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/bacula-9.6.6/src/win32/compat/compat.h:456:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *t);
data/bacula-9.6.6/src/win32/compat/print.cpp:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[20];
data/bacula-9.6.6/src/win32/compat/print.cpp:593:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[20];
data/bacula-9.6.6/src/win32/compat/print.cpp:594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[20];
data/bacula-9.6.6/src/win32/compat/sys/mtio.h:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[10];
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argk[MAX_CMD_ARGS]; /* Argument keywords */
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[MAX_CMD_ARGS]; /* Argument values */
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bacula-9.6.6/src/win32/filed/plugins/alldrives-fd.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[512];
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:488:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[10];
data/bacula-9.6.6/src/win32/filed/plugins/dbi_node.c:175:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io->buf, buffer + buffer_pos, io->status);
data/bacula-9.6.6/src/win32/filed/plugins/dbi_node.c:184:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[buffer_pos], io->buf, io->count);
data/bacula-9.6.6/src/win32/filed/plugins/exch_dbi_node.c:174:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io->buf, buffer + buffer_pos, io->status);
data/bacula-9.6.6/src/win32/filed/plugins/exch_dbi_node.c:183:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[buffer_pos], io->buf, io->count);
data/bacula-9.6.6/src/win32/filed/plugins/exch_node.c:80:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval + len, curr_node->name, strlen(curr_node->name));
data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[256];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:177:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logfile_ptr, tmp_logfile_ptr, (wcslen(tmp_logfile_ptr) + 1) * 2);
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *path_bits[6];
data/bacula-9.6.6/src/win32/filed/plugins/node.c:78:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval + len, curr_node->name, strlen(curr_node->name));
data/bacula-9.6.6/src/win32/filed/plugins/service_node.c:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[256];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:178:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logfile_ptr, tmp_logfile_ptr, (wcslen(tmp_logfile_ptr) + 1) * 2);
data/bacula-9.6.6/src/win32/filed/vss.cpp:411:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeRootPath[MAX_PATH];
data/bacula-9.6.6/src/win32/filed/vss.cpp:412:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeName[MAX_PATH];
data/bacula-9.6.6/src/win32/filed/vss.cpp:413:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeUniqueName[MAX_PATH];
data/bacula-9.6.6/src/win32/filed/vss_generic.cpp:829:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1000];
data/bacula-9.6.6/src/win32/libwin32/main.cpp:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char win_os[300];
data/bacula-9.6.6/src/win32/libwin32/main.cpp:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *command_args[MAX_COMMAND_ARGS] = {(char *)LC_APP_NAME, NULL};
data/bacula-9.6.6/src/win32/libwin32/main.cpp:373:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bacula-9.6.6/src/win32/libwin32/main.cpp:649:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/bacula-9.6.6/src/win32/libwin32/service.cpp:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[maxlen];
data/bacula-9.6.6/src/win32/libwin32/service.cpp:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svcmd[maxlen];
data/bacula-9.6.6/src/win32/libwin32/service.cpp:467:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[500];
data/bacula-9.6.6/src/win32/libwin32/service.cpp:469:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strings[3];
data/bacula-9.6.6/src/win32/stored/mtops.cpp:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDeviceName[256] = "\\\\.\\";
data/bacula-9.6.6/src/win32/stored/postest/postest.cpp:5:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define tape_open open
data/bacula-9.6.6/src/win32/stored/win_tape_device.cpp:182:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDeviceName[256] = "\\\\.\\";
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:124:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastKey, _T("\\Scsi"));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:134:7: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Opening key "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:190:7: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szSubkeyName[c_MaxSubkeyLength + 1];
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:208:10: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Enumerating subkeys of "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:215:10: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Enumerating subkeys of "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:229:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_szLastKey[m_dwLastKeyLength], szSubkeyName, (dwSubkeyLength + 1) * sizeof(TCHAR));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:237:10: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Opening key "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:273:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szValue[c_MaxValueLength + 1];
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:291:7: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Reading value "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:309:7: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Reading value "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:335:7: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(m_szLastOperation, _T("Reading value "));
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.h:79:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR m_szDevicePath[c_MaxDevicePathLength + 1];
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.h:153:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR m_szLastOperation[80 + 1]; // Max length "Enumerating subkeys of "
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.h:154:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR m_szLastKey[c_MaxKeyPathLength + 1];
data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c:135:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(sd->msg, SDOKhello, strlen(SDOKhello)) != 0) {
data/bacula-9.6.6/examples/nagios/check_bacula/authenticate.c:174:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(fd->msg, FDOKhello, strlen(FDOKhello)) != 0)) {
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:104:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (pw, "");
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:161:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&md5c, (unsigned char *) pw, strlen(pw));
data/bacula-9.6.6/examples/nagios/check_bacula/check_bacula.c:366:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->D_sock->msglen = strlen(command);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:336:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = read(fd, buf, len);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:355:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(rfd, dev->buf, dev->buf_len);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:396:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = read(dev->fd, buf, sizeof(buf))) < 0) {
data/bacula-9.6.6/platforms/freebsd/tapetest.c:448:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(rfd, dev->buf, dev->buf_len);
data/bacula-9.6.6/platforms/freebsd/tapetest.c:479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd + strlen(cmd) - 1;
data/bacula-9.6.6/platforms/freebsd/tapetest.c:590:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(stdin)) != EOF) {
data/bacula-9.6.6/src/baconfig.h:550:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy bad_call_on_strncpy_use_bstrncpy
data/bacula-9.6.6/src/baconfig.h:577:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define bstrdup(str) strcpy((char *)b_malloc(__FILE__,__LINE__,strlen((str))+1),(str))
data/bacula-9.6.6/src/baconfig.h:579:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define bstrdup(str) strcpy((char *)bmalloc(strlen((str))+1),(str))
data/bacula-9.6.6/src/cats/bvfs.c:112:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(elt);
data/bacula-9.6.6/src/cats/bvfs.c:287:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path) - 1;
data/bacula-9.6.6/src/cats/bvfs.c:319:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path) - 1;
data/bacula-9.6.6/src/cats/bvfs.c:375:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mdb->pnl = strlen(mdb->path);
data/bacula-9.6.6/src/cats/bvfs.c:871:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->pnl = strlen(db->path);
data/bacula-9.6.6/src/cats/bvfs.c:987:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->fnl = strlen(fn);
data/bacula-9.6.6/src/cats/bvfs.c:1392:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp.check_size((strlen(tmp2.c_str())+1) * 2);
data/bacula-9.6.6/src/cats/bvfs.c:1405:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(tmp.c_str());
data/bacula-9.6.6/src/cats/bvfs.c:1573:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int l = strlen(lst.list); l > 0; l--) {
data/bacula-9.6.6/src/cats/bvfs.c:1583:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->fnl = strlen((char *)res[2]);
data/bacula-9.6.6/src/cats/bvfs.h:95:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t len = strlen(p);
data/bacula-9.6.6/src/cats/bvfs.h:101:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t len = strlen(p);
data/bacula-9.6.6/src/cats/sql.c:334:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(elt);
data/bacula-9.6.6/src/cats/sql_create.c:66:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(jcr->comment); /* TODO: use jr instead of jcr to get comment */
data/bacula-9.6.6/src/cats/sql_create.c:70:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_job, jr->Job, strlen(jr->Job));
data/bacula-9.6.6/src/cats/sql_create.c:71:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_create.c:158:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, pr->Name, strlen(pr->Name));
data/bacula-9.6.6/src/cats/sql_create.c:159:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_lf, pr->LabelFormat, strlen(pr->LabelFormat));
data/bacula-9.6.6/src/cats/sql_create.c:221:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, dr->Name, strlen(dr->Name));
data/bacula-9.6.6/src/cats/sql_create.c:267:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sr->Name, strlen(sr->Name));
data/bacula-9.6.6/src/cats/sql_create.c:326:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
data/bacula-9.6.6/src/cats/sql_create.c:377:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, mr->VolumeName, strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_create.c:378:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_mtype, mr->MediaType, strlen(mr->MediaType));
data/bacula-9.6.6/src/cats/sql_create.c:379:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bacula-9.6.6/src/cats/sql_create.c:479:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, cr->Name, strlen(cr->Name));
data/bacula-9.6.6/src/cats/sql_create.c:480:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
data/bacula-9.6.6/src/cats/sql_create.c:626:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bacula-9.6.6/src/cats/sql_create.c:662:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_fs, fsr->FileSet, strlen(fsr->FileSet));
data/bacula-9.6.6/src/cats/sql_create.c:663:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_md5, fsr->MD5, strlen(fsr->MD5));
data/bacula-9.6.6/src/cats/sql_create.c:1184:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnl = strlen(ro->object_name);
data/bacula-9.6.6/src/cats/sql_create.c:1190:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plug_name_len = strlen(ro->plugin_name);
data/bacula-9.6.6/src/cats/sql_create.c:1233:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_vol = check_pool_memory_size(esc_vol, strlen(snap->Volume) * 2 + 1);
data/bacula-9.6.6/src/cats/sql_create.c:1234:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_vol, snap->Volume, strlen(snap->Volume));
data/bacula-9.6.6/src/cats/sql_create.c:1236:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_dev = check_pool_memory_size(esc_dev, strlen(snap->Device) * 2 + 1);
data/bacula-9.6.6/src/cats/sql_create.c:1237:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_dev, snap->Device, strlen(snap->Device));
data/bacula-9.6.6/src/cats/sql_create.c:1239:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_type = check_pool_memory_size(esc_type, strlen(snap->Type) * 2 + 1);
data/bacula-9.6.6/src/cats/sql_create.c:1240:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_type, snap->Type, strlen(snap->Type));
data/bacula-9.6.6/src/cats/sql_create.c:1242:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_comment, snap->Comment, strlen(snap->Comment));
data/bacula-9.6.6/src/cats/sql_create.c:1245:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, snap->Client, strlen(snap->Client));
data/bacula-9.6.6/src/cats/sql_create.c:1253:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, snap->FileSet, strlen(snap->FileSet));
data/bacula-9.6.6/src/cats/sql_create.c:1260:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, snap->Name, strlen(snap->Name));
data/bacula-9.6.6/src/cats/sql_delete.c:52:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, pr->Name, strlen(pr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:59:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:111:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:209:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:257:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:305:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_find.c:318:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MIN(strlen(Name), sizeof(esc_name)));
data/bacula-9.6.6/src/cats/sql_find.c:377:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_type, mr->MediaType, strlen(mr->MediaType));
data/bacula-9.6.6/src/cats/sql_find.c:378:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bacula-9.6.6/src/cats/sql_get.c:283:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, jr->Job, strlen(jr->Job));
data/bacula-9.6.6/src/cats/sql_get.c:652:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
data/bacula-9.6.6/src/cats/sql_get.c:865:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, cdbr->Name, strlen(cdbr->Name));
data/bacula-9.6.6/src/cats/sql_get.c:912:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bacula-9.6.6/src/cats/sql_get.c:973:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, fsr->FileSet, strlen(fsr->FileSet));
data/bacula-9.6.6/src/cats/sql_get.c:1052:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
data/bacula-9.6.6/src/cats/sql_get.c:1076:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_get.c:1082:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->VolStatus, strlen(mr->VolStatus));
data/bacula-9.6.6/src/cats/sql_get.c:1185:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_get.c:1414:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_get.c:1524:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_get.c:1611:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sr->Name, strlen(sr->Name));
data/bacula-9.6.6/src/cats/sql_get.c:1613:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sr->Device, strlen(sr->Device));
data/bacula-9.6.6/src/cats/sql_get.c:1761:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, job_esc, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_list.c:77:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
data/bacula-9.6.6/src/cats/sql_list.c:201:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mdbr->VolumeName, strlen(mdbr->VolumeName));
data/bacula-9.6.6/src/cats/sql_list.c:436:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bacula-9.6.6/src/cats/sql_list.c:445:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, jr->Job, strlen(jr->Job));
data/bacula-9.6.6/src/cats/sql_list.c:675:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->Name, strlen(sdbr->Name));
data/bacula-9.6.6/src/cats/sql_list.c:692:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->Client, strlen(sdbr->Client));
data/bacula-9.6.6/src/cats/sql_list.c:697:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc = check_pool_memory_size(esc, strlen(sdbr->Device) * 2 + 1);
data/bacula-9.6.6/src/cats/sql_list.c:698:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->Device, strlen(sdbr->Device));
data/bacula-9.6.6/src/cats/sql_list.c:703:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->Type, strlen(sdbr->Type));
data/bacula-9.6.6/src/cats/sql_list.c:708:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->created_before, strlen(sdbr->created_before));
data/bacula-9.6.6/src/cats/sql_list.c:713:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->created_after, strlen(sdbr->created_after));
data/bacula-9.6.6/src/cats/sql_list.c:722:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, sdbr->CreateDate, strlen(sdbr->CreateDate));
data/bacula-9.6.6/src/cats/sql_update.c:53:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(digest);
data/bacula-9.6.6/src/cats/sql_update.c:216:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, cr->Name, strlen(cr->Name));
data/bacula-9.6.6/src/cats/sql_update.c:217:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
data/bacula-9.6.6/src/cats/sql_update.c:242:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bacula-9.6.6/src/cats/sql_update.c:260:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, pr->LabelFormat, strlen(pr->LabelFormat));
data/bacula-9.6.6/src/cats/sql_update.c:325:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_name, mr->VolumeName, strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_update.c:326:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bacula-9.6.6/src/cats/sql_update.c:434:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_update.c:494:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bdb_escape_string(jcr, esc,mr->VolumeName,strlen(mr->VolumeName));
data/bacula-9.6.6/src/cats/sql_update.c:515:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sr->Comment);
data/bacula-9.6.6/src/cats/sqlite.c:191:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(working_directory) + strlen(mdb->m_db_name) + 5;
data/bacula-9.6.6/src/cats/sqlite.c:191:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(working_directory) + strlen(mdb->m_db_name) + 5;
data/bacula-9.6.6/src/cats/sqlite.c:194:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(db_file, "/");
data/bacula-9.6.6/src/cats/sqlite.c:363:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_to_bin(*dest, expected_len+1, from, strlen(from));
data/bacula-9.6.6/src/console/conio.c:316:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, maxlen-1);
data/bacula-9.6.6/src/console/conio.c:404:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bacula-9.6.6/src/console/conio.c:806:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cl = strlen(str);
data/bacula-9.6.6/src/console/conio.c:1065:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(0, &c, 1) != 1) {
data/bacula-9.6.6/src/console/conio.c:1084:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_sendl(msg, strlen(msg)); /* faster than one char at time */
data/bacula-9.6.6/src/console/console.c:216:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd);
data/bacula-9.6.6/src/console/console.c:226:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UA_sock->msglen = strlen(UA_sock->msg);
data/bacula-9.6.6/src/console/console.c:298:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UA_sock->msglen = strlen(UA_sock->msg);
data/bacula-9.6.6/src/console/console.c:392:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bacula-9.6.6/src/console/console.c:399:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bacula-9.6.6/src/console/console.c:589:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bacula-9.6.6/src/console/console.c:607:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = (char *) actuallymalloc(strlen(name)+1);
data/bacula-9.6.6/src/console/console.c:895:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sock->msglen = strlen(sock->msg);
data/bacula-9.6.6/src/dird/authenticate.c:335:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(ua->msg, "Hello %127s calling %d", name, &ua_version) != 2 &&
data/bacula-9.6.6/src/dird/authenticate.c:336:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(ua->msg, "Hello %127s calling", name) != 1) {
data/bacula-9.6.6/src/dird/catreq.c:527:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname); /* length before attributes */
data/bacula-9.6.6/src/dird/catreq.c:531:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = attr + strlen(attr) + 1; /* point to link */
data/bacula-9.6.6/src/dird/catreq.c:532:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen(p) + 1; /* point to extended attributes */
data/bacula-9.6.6/src/dird/catreq.c:533:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen(p) + 1; /* point to delta sequence */
data/bacula-9.6.6/src/dird/catreq.c:601:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ro.plugin_name);
data/bacula-9.6.6/src/dird/catreq.c:603:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ro.object_name);
data/bacula-9.6.6/src/dird/catreq.c:651:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg3(400, "DigestLen=%d Digest=%s type=%d\n", strlen(digestbuf),
data/bacula-9.6.6/src/dird/dird.c:1219:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_driver_len = strlen(BDB_db_driver);
data/bacula-9.6.6/src/dird/dird.c:1225:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(catalog->db_driver) == 0) { // dbdriver field present but empty in bacula director conf file
data/bacula-9.6.6/src/dird/dird.c:1498:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int my_name_len = strlen(my_name);
data/bacula-9.6.6/src/dird/dird.c:1499:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(director->working_directory);
data/bacula-9.6.6/src/dird/dird_conf.c:926:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dev->reserved, dev->open, dev->append, dev->read, dev->labeled,
data/bacula-9.6.6/src/dird/dird_conf.h:157:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read; /* in read mode */
data/bacula-9.6.6/src/dird/expand.c:66:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(buf);
data/bacula-9.6.6/src/dird/expand.c:129:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(str);
data/bacula-9.6.6/src/dird/expand.c:213:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = bsnprintf(buf, sizeof(buf), "%d", strlen(buf));
data/bacula-9.6.6/src/dird/expand.c:220:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(buf);
data/bacula-9.6.6/src/dird/expand.c:308:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val); /* return length of string */
data/bacula-9.6.6/src/dird/expand.c:410:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_len = strlen(inp);
data/bacula-9.6.6/src/dird/expand.c:437:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_len = strlen(inp);
data/bacula-9.6.6/src/dird/fd_cmds.c:136:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/dird/fd_cmds.c:141:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(fd->msg, OKjob, strlen(OKjob)) != 0) {
data/bacula-9.6.6/src/dird/fd_cmds.c:153:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncpy(cr.Uname, fd->msg+strlen(OKjob)+1, sizeof(cr.Uname));
data/bacula-9.6.6/src/dird/fd_cmds.c:564:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlen = strlen(buf);
data/bacula-9.6.6/src/dird/fd_cmds.c:591:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlen = strlen(buf);
data/bacula-9.6.6/src/dird/fd_cmds.c:963:18: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((len = sscanf(fd->msg, "%ld %d %500s", &file_index, &stream, Digest)) != 3) { /* MAXSTRING */
data/bacula-9.6.6/src/dird/fd_cmds.c:1028:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(jcr, jcr->db, digest, Digest, strlen(Digest));
data/bacula-9.6.6/src/dird/fd_cmds.c:1030:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(digest), digest, ar->DigestType);
data/bacula-9.6.6/src/dird/getmsg.c:203:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((sscanf(bs->msg, "%020s JobId=%ld ", MsgType, &JobId) != 2) &&
data/bacula-9.6.6/src/dird/getmsg.c:204:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(bs->msg, "%020s Job=%127s ", MsgType, Job) != 2) &&
data/bacula-9.6.6/src/dird/getmsg.c:205:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(bs->msg, "%020s Job=x", MsgType) != 1)) {
data/bacula-9.6.6/src/dird/getmsg.c:231:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(bs->msg, "Jmsg Job=%127s type=%d level=%lld",
data/bacula-9.6.6/src/dird/getmsg.c:265:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "BlastAttr JobId=%ld File=%255s",
data/bacula-9.6.6/src/dird/job.c:1420:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dt) + 5; /* dt + .%02d EOS */
data/bacula-9.6.6/src/dird/restore.c:479:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/dird/restore.c:602:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ro.object_full_len = ro.object_len = strlen(elt->content);
data/bacula-9.6.6/src/dird/run_conf.c:479:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bacula-9.6.6/src/dird/run_conf.c:553:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bacula-9.6.6/src/dird/run_conf.c:553:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bacula-9.6.6/src/dird/snapshot.c:271:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(msg, "snapshotid=%50s", ed1) == 1) {
data/bacula-9.6.6/src/dird/ua_acl.c:33:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return acl_access_ok(ua, acl, item, strlen(item));
data/bacula-9.6.6/src/dird/ua_cmds.c:245:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->argk[0]);
data/bacula-9.6.6/src/dird/ua_cmds.c:374:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->cmd) >= MAX_NAME_LENGTH-10) {
data/bacula-9.6.6/src/dird/ua_cmds.c:378:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->cmd) == 0) {
data/bacula-9.6.6/src/dird/ua_cmds.c:768:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!speed_to_uint64(ua->argv[i], strlen(ua->argv[i]), &limit)) {
data/bacula-9.6.6/src/dird/ua_cmds.c:776:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!speed_to_uint64(ua->cmd, strlen(ua->cmd), &limit)) {
data/bacula-9.6.6/src/dird/ua_cmds.c:2077:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errmsg.c_str()) > 0) {
data/bacula-9.6.6/src/dird/ua_cmds.c:2086:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(sd->msg, "volume=%127s", mr.VolumeName) != 1) {
data/bacula-9.6.6/src/dird/ua_cmds.c:2100:16: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bacula-9.6.6/src/dird/ua_dotcmds.c:156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->argk[0]);
data/bacula-9.6.6/src/dird/ua_dotcmds.c:560:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1159:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(ua->argv[pos]) > MAX_NAME_LENGTH))
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1164:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->argv[pos], strlen(ua->argv[pos]));
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1233:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(ua->argv[pos]) > MAX_NAME_LENGTH))
data/bacula-9.6.6/src/dird/ua_dotcmds.c:1245:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->argv[pos], strlen(ua->argv[pos]));
data/bacula-9.6.6/src/dird/ua_input.c:116:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ua->cmd[0] == 0 && strncmp(prompt, _("Enter slot"), strlen(_("Enter slot"))) == 0) {
data/bacula-9.6.6/src/dird/ua_input.c:175:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_input.c:237:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bacula-9.6.6/src/dird/ua_label.c:651:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bacula-9.6.6/src/dird/ua_label.c:838:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p && strlen(p) > 1) {
data/bacula-9.6.6/src/dird/ua_label.c:1001:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ua->jcr->pool->cleaning_prefix),
data/bacula-9.6.6/src/dird/ua_label.c:1003:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(ua->jcr->pool->cleaning_prefix)));
data/bacula-9.6.6/src/dird/ua_label.c:1005:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ua->jcr->pool->cleaning_prefix)) == 0;
data/bacula-9.6.6/src/dird/ua_label.c:1026:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bacula-9.6.6/src/dird/ua_label.c:1118:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(sd->msg, "D:%d:F:%d:%127s", &Drive, &Slot, vol_name) == 3) {
data/bacula-9.6.6/src/dird/ua_label.c:1134:18: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(sd->msg, "%c:%d:F:%127s", &type, &Slot, vol_name)== 3) {
data/bacula-9.6.6/src/dird/ua_label.c:1256:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bacula-9.6.6/src/dird/ua_output.c:169:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res_name);
data/bacula-9.6.6/src/dird/ua_output.c:185:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res_name);
data/bacula-9.6.6/src/dird/ua_output.c:399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->argv[j]) > 1) {
data/bacula-9.6.6/src/dird/ua_output.c:999:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mlen = strlen(msg);
data/bacula-9.6.6/src/dird/ua_output.c:1110:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/bacula-9.6.6/src/dird/ua_prune.c:321:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client->name(), strlen(client->name()));
data/bacula-9.6.6/src/dird/ua_prune.c:329:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool->name(), strlen(pool->name()));
data/bacula-9.6.6/src/dird/ua_prune.c:784:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(ua->argv[i]) <= MAX_NAME_LENGTH))
data/bacula-9.6.6/src/dird/ua_prune.c:788:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->argv[i], strlen(ua->argv[i]));
data/bacula-9.6.6/src/dird/ua_query.c:121:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/bacula-9.6.6/src/dird/ua_query.c:216:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_query.c:221:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_query = check_pool_memory_size(new_query, olen + strlen(p) + 10);
data/bacula-9.6.6/src/dird/ua_query.c:243:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_query = check_pool_memory_size(new_query, olen + strlen(q) + 10);
data/bacula-9.6.6/src/dird/ua_query.c:277:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_restore.c:686:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_restore.c:749:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_restore.c:772:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_restore.c:829:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bacula-9.6.6/src/dird/ua_restore.c:835:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ua->cmd, "/");
data/bacula-9.6.6/src/dird/ua_run.c:178:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncasecmp(ua->cmd, "mod ", 4) == 0 && strlen(ua->cmd) > 6)) {
data/bacula-9.6.6/src/dird/ua_run.c:196:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ua->cmd[0] == 0 || strncasecmp(ua->cmd, _("yes"), strlen(ua->cmd)) == 0) {
data/bacula-9.6.6/src/dird/ua_run.c:199:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(ua->cmd, _("no"), strlen(ua->cmd)) == 0) {
data/bacula-9.6.6/src/dird/ua_run.c:856:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ini->dump_string(item->content, strlen(item->content)) ||
data/bacula-9.6.6/src/dird/ua_run.c:911:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(ua->cmd, _("yes"), strlen(ua->cmd)) == 0) {
data/bacula-9.6.6/src/dird/ua_run.c:915:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(ua->cmd, _("no"), strlen(ua->cmd)) == 0) {
data/bacula-9.6.6/src/dird/ua_run.c:923:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(ua->cmd, _("mod"), strlen(ua->cmd)) == 0) {
data/bacula-9.6.6/src/dird/ua_run.c:1050:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ini->dump_string(tmp, strlen(tmp)) || /* Send the string to a file */
data/bacula-9.6.6/src/dird/ua_run.c:1084:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ua->cmd[0] != 0 && strncasecmp(ua->cmd, _("mod"), strlen(ua->cmd)) == 0){
data/bacula-9.6.6/src/dird/ua_select.c:1509:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(item, "JobId=%d Job=%127s", &njobs, JobName) != 2) {
data/bacula-9.6.6/src/dird/ua_status.c:134:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!size_to_uint64(ua->argv[i], strlen(ua->argv[i]), &nb)) {
data/bacula-9.6.6/src/dird/ua_tree.c:132:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->argk[0]);
data/bacula-9.6.6/src/dird/ua_tree.c:370:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(arg);
data/bacula-9.6.6/src/dird/ua_tree.c:720:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/bacula-9.6.6/src/dird/ua_update.c:247:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!size_to_uint64(val, strlen(val), &maxbytes)) {
data/bacula-9.6.6/src/dird/verify.c:630:18: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((len = sscanf(fd->msg, "%ld %d %100s", &file_index, &full_stream,
data/bacula-9.6.6/src/dird/verify.c:817:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(jcr, jcr->db, buf, Opts_Digest, strlen(Opts_Digest));
data/bacula-9.6.6/src/filed/accurate.c:253:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->lstat = item->fname+strlen(item->fname)+1;
data/bacula-9.6.6/src/filed/accurate.c:256:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->chksum = item->lstat+strlen(item->lstat)+1;
data/bacula-9.6.6/src/filed/accurate.c:615:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lstat_pos = strlen(dir->msg) + 1;
data/bacula-9.6.6/src/filed/accurate.c:617:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chksum_pos = lstat_pos + strlen(dir->msg + lstat_pos) + 1;
data/bacula-9.6.6/src/filed/accurate.c:625:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dir->msg + chksum_pos) + 1);
data/bacula-9.6.6/src/filed/authenticate.c:259:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/filed/backup.c:1257:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->snapshot_path) > strlen(ff->volume_path));
data/bacula-9.6.6/src/filed/backup.c:1257:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->snapshot_path) > strlen(ff->volume_path));
data/bacula-9.6.6/src/filed/backup.c:1258:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sp_first = strlen(ff->snapshot_path); /* point after snapshot_path in fname */
data/bacula-9.6.6/src/filed/backup.c:1274:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->fname) > strlen(ff->snap_fname));
data/bacula-9.6.6/src/filed/backup.c:1274:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->fname) > strlen(ff->snap_fname));
data/bacula-9.6.6/src/filed/backup.c:1293:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->link) > strlen(ff->snap_fname));
data/bacula-9.6.6/src/filed/backup.c:1293:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ff->link) > strlen(ff->snap_fname));
data/bacula-9.6.6/src/filed/backup.c:1367:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(500, "strcpy link_save=%d link=%d\n", strlen(ff_pkt->link_save),
data/bacula-9.6.6/src/filed/backup.c:1368:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ff_pkt->link));
data/bacula-9.6.6/src/filed/backup.c:1422:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(10, "strcpy link=%d link_save=%d\n", strlen(ff_pkt->link),
data/bacula-9.6.6/src/filed/backup.c:1423:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ff_pkt->link_save));
data/bacula-9.6.6/src/filed/backup.c:1455:32: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ff_pkt->object_len = (wcslen(metadata) + 1) * sizeof(WCHAR);
data/bacula-9.6.6/src/filed/bacl.c:292:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(400, "Backing up ACL: (%i) <%s>\n", strlen(tmp.addr()), tmp.c_str());
data/bacula-9.6.6/src/filed/bxattr.c:302:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(400, "Backing up XATTR: (%i) <%s>\n", strlen(tmp.addr()), tmp.c_str());
data/bacula-9.6.6/src/filed/bxattr.c:549:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/bacula-9.6.6/src/filed/bxattr_freebsd.c:117:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namespace_len = strlen(namespace_str);
data/bacula-9.6.6/src/filed/bxattr_freebsd.c:121:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/bacula-9.6.6/src/filed/bxattr_freebsd.c:125:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_gen_len = strlen(name_gen);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:173:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:692:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(list) + 1;
data/bacula-9.6.6/src/filed/bxattr_solaris.c:704:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (dp->d_name) + 1;
data/bacula-9.6.6/src/filed/bxattr_solaris.c:796:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (xattrfd, value, len);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:845:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (bp);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:850:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (bp);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:857:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (bp);
data/bacula-9.6.6/src/filed/bxattr_solaris.c:949:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acltext)){
data/bacula-9.6.6/src/filed/fd_plugins.c:336:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd);
data/bacula-9.6.6/src/filed/fd_snapshot.c:417:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(elt2->mountpoint, elt->mountpoint, strlen(elt->mountpoint)) == 0) {
data/bacula-9.6.6/src/filed/fd_snapshot.c:577:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int mp_first = strlen(MountPoint); /* will point to after MountPoint in top_fname */
data/bacula-9.6.6/src/filed/fd_snapshot.c:1321:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elt = (struct app *) malloc(sizeof(struct app) + strlen(start) + 1);
data/bacula-9.6.6/src/filed/fd_snapshot.c:1563:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(specialmp[i], mountpoint, strlen(specialmp[i])) == 0) {
data/bacula-9.6.6/src/filed/fd_snapshot.c:1754:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dir->msg, ListCmd, strlen(ListCmd)) == 0) {
data/bacula-9.6.6/src/filed/fdcollect.c:156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(out.c_str()) + 1;
data/bacula-9.6.6/src/filed/filed.c:381:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
data/bacula-9.6.6/src/filed/filed.c:580:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
data/bacula-9.6.6/src/filed/hello.c:83:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "Hello Director %127s calling %d", dirname, &dir_version) != 2 &&
data/bacula-9.6.6/src/filed/hello.c:84:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(dir->msg, "Hello Director %127s calling", dirname) != 1 &&
data/bacula-9.6.6/src/filed/hello.c:85:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(dir->msg, "Hello %127s calling %d", dirname, &dir_version) != 2 ) {
data/bacula-9.6.6/src/filed/hello.c:141:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(sd->msg, "Hello FD: Bacula Storage calling Start Job %127s %d",
data/bacula-9.6.6/src/filed/job.c:287:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jcr->client_name = get_memory(strlen(my_name) + 1);
data/bacula-9.6.6/src/filed/job.c:323:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cmds[i].cmd, dir->msg, strlen(cmds[i].cmd)) == 0) {
data/bacula-9.6.6/src/filed/job.c:742:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "cancel Job=%127s", Job) == 1) {
data/bacula-9.6.6/src/filed/job.c:745:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "stop Job=%127s", Job) == 1) {
data/bacula-9.6.6/src/filed/job.c:831:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
scan = sscanf(dir->msg, "setdebug=%ld trace=%ld hangup=%ld blowup=%ld"
data/bacula-9.6.6/src/filed/job.c:1973:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "btime %50s", buf) != 1) {
data/bacula-9.6.6/src/filed/job.c:2199:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/filed/job.c:2333:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fn);
data/bacula-9.6.6/src/filed/restore.c:554:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attr->attrEx), bmsg->rbuf);
data/bacula-9.6.6/src/filed/restore.c:1368:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(jcr->last_fname);
data/bacula-9.6.6/src/filed/status.c:104:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/filed/status.c:388:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/filed/status.c:414:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/filed/status.c:433:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/filed/status.c:588:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(buf, strlen(buf), sp);
data/bacula-9.6.6/src/findlib/attribs.c:608:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_mask = umask(0);
data/bacula-9.6.6/src/findlib/attribs.c:684:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_mask);
data/bacula-9.6.6/src/findlib/bfile.c:1131:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = read(bfd->fid, buf, count);
data/bacula-9.6.6/src/findlib/drivetype.c:40:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define bstrncpy strncpy
data/bacula-9.6.6/src/findlib/find.c:132:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ff->VerifyOpts, "V");
data/bacula-9.6.6/src/findlib/find_one.c:511:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname) + 1;
data/bacula-9.6.6/src/findlib/find_one.c:598:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bacula-9.6.6/src/findlib/find_one.c:757:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(dname.c_str());
data/bacula-9.6.6/src/findlib/fstype.c:41:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define bstrncpy strncpy
data/bacula-9.6.6/src/findlib/fstype.c:76:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(fstype) + 1;
data/bacula-9.6.6/src/findlib/match.c:119:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bacula-9.6.6/src/findlib/match.c:214:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bacula-9.6.6/src/findlib/match.c:271:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bacula-9.6.6/src/findlib/match.c:334:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file);
data/bacula-9.6.6/src/findlib/mkpath.c:111:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(fname);
data/bacula-9.6.6/src/findlib/mkpath.c:163:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_list_add(jcr, strlen(path), path);
data/bacula-9.6.6/src/findlib/mkpath.c:208:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(0);
data/bacula-9.6.6/src/findlib/mkpath.c:209:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/bacula-9.6.6/src/findlib/mkpath.c:210:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(apath);
data/bacula-9.6.6/src/findlib/mkpath.c:321:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/bacula-9.6.6/src/findlib/namedpipe.c:192:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
self->name = (char *)malloc(strlen(path) + 1);
data/bacula-9.6.6/src/findlib/namedpipe.c:259:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, BUF, strlen(BUF)+1) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:259:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, BUF, strlen(BUF)+1) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:264:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, BUF, strlen(BUF)+1) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:264:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, BUF, strlen(BUF)+1) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:280:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, buf, strlen(buf)+1);
data/bacula-9.6.6/src/findlib/namedpipe.c:295:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(fd, buf, sizeof(buf))) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:295:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = read(fd, buf, sizeof(buf))) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:297:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(BUF)+1, errno);
data/bacula-9.6.6/src/findlib/namedpipe.c:300:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, sizeof(buf)) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:300:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read(fd, buf, sizeof(buf)) != strlen(BUF)+1) {
data/bacula-9.6.6/src/findlib/namedpipe.c:314:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(fd, buf, sizeof(buf))) != 12) {
data/bacula-9.6.6/src/findlib/namedpipe.c:323:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf, sizeof(buf));
data/bacula-9.6.6/src/lib/attr.c:193:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wherelen = strlen(jcr->where);
data/bacula-9.6.6/src/lib/base64.c:267:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = bin_to_base64(buf, sizeof(buf), junk, strlen(junk), true);
data/bacula-9.6.6/src/lib/base64.c:342:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%s: len=%d val=%s\n", fname, strlen(where), where);
data/bacula-9.6.6/src/lib/base64.c:409:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(len == strlen(resb16), "Checking bin_to_base64 encoded length");
data/bacula-9.6.6/src/lib/base64.c:412:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = base64_to_bin(binbuf, 30, (char*)resb16, strlen(resb16));
data/bacula-9.6.6/src/lib/base64.c:422:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = base64_to_bin(binbuf, 30, buf, strlen(buf));
data/bacula-9.6.6/src/lib/bcollector.c:109:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(out.c_str());
data/bacula-9.6.6/src/lib/bcollector.c:217:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(fd, bs->msg, sizeof_pool_memory(bs->msg))) > 0){
data/bacula-9.6.6/src/lib/bcollector.c:231:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bs->msglen = strlen(bs->msg);
data/bacula-9.6.6/src/lib/bcollector.c:253:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf.c_str());
data/bacula-9.6.6/src/lib/bnet.c:45:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define socketRead(fd, buf, len) read(fd, buf, len)
data/bacula-9.6.6/src/lib/bpipe.c:577:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg3(200, "resadr=0x%x reslen=%d res=%s\n", results, strlen(results), results);
data/bacula-9.6.6/src/lib/breg.c:228:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fname);
data/bacula-9.6.6/src/lib/breg.c:242:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(500, "bregexp: len = %i, result_len = %i\n", len, strlen(result));
data/bacula-9.6.6/src/lib/breg.c:298:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(fname) + 1;
data/bacula-9.6.6/src/lib/breg.c:325:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ed);
data/bacula-9.6.6/src/lib/breg.c:381:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = ((strip_prefix?strlen(strip_prefix)+strlen(str_strip_prefix):0) +
data/bacula-9.6.6/src/lib/breg.c:381:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = ((strip_prefix?strlen(strip_prefix)+strlen(str_strip_prefix):0) +
data/bacula-9.6.6/src/lib/breg.c:382:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_prefix?strlen(add_prefix)+strlen(str_add_prefix) :0) +
data/bacula-9.6.6/src/lib/breg.c:382:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_prefix?strlen(add_prefix)+strlen(str_add_prefix) :0) +
data/bacula-9.6.6/src/lib/breg.c:383:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_suffix?strlen(add_suffix)+strlen(str_add_suffix) :0) )
data/bacula-9.6.6/src/lib/breg.c:383:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_suffix?strlen(add_suffix)+strlen(str_add_suffix) :0) )
data/bacula-9.6.6/src/lib/bregex.c:1081:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen((char *)regex);
data/bacula-9.6.6/src/lib/bregex.c:1491:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(string);
data/bacula-9.6.6/src/lib/bregex.c:1931:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((const char *)str);
data/bacula-9.6.6/src/lib/bsnprintf.c:432:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strln = strlen(value);
data/bacula-9.6.6/src/lib/bsnprintf.c:473:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strln = wcslen(value);
data/bacula-9.6.6/src/lib/bsnprintf.c:738:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_length = strlen(result);
data/bacula-9.6.6/src/lib/bsock.c:987:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, strlen(hexdata));
data/bacula-9.6.6/src/lib/bsock.c:987:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read(fd, buf, strlen(hexdata));
data/bacula-9.6.6/src/lib/bsockcore.c:1327:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, strlen(hexdata));
data/bacula-9.6.6/src/lib/bsockcore.c:1327:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read(fd, buf, strlen(hexdata));
data/bacula-9.6.6/src/lib/bsockcore.h:202:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int socketRead(int fd, void *buf, size_t len) { return ::read(fd, buf, len); };
data/bacula-9.6.6/src/lib/bsys.c:149:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pathname, working_directory, strlen(working_directory)) != 0) {
data/bacula-9.6.6/src/lib/bsys.c:222:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#undef strncpy
data/bacula-9.6.6/src/lib/bsys.c:228:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, maxlen-1);
data/bacula-9.6.6/src/lib/bsys.c:237:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src.c_str(), maxlen-1);
data/bacula-9.6.6/src/lib/bsys.c:249:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dest);
data/bacula-9.6.6/src/lib/bsys.c:251:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest+len, src, maxlen-len-1);
data/bacula-9.6.6/src/lib/bsys.c:264:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dest);
data/bacula-9.6.6/src/lib/bsys.c:266:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest+len, src.c_str(), maxlen-len-1);
data/bacula-9.6.6/src/lib/bsys.c:599:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(pidfd, &pidbuf, sizeof(pidbuf)) < 0 ||
data/bacula-9.6.6/src/lib/bsys.c:653:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(*fd, &pidbuf, sizeof(pidbuf)) > 0 &&
data/bacula-9.6.6/src/lib/bsys.c:754:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat=read(sfd, &hdr, hdr_size)) != hdr_size) {
data/bacula-9.6.6/src/lib/bsys.c:852:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#undef fgetc
data/bacula-9.6.6/src/lib/bsys.c:861:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bacula-9.6.6/src/lib/bsys.c:873:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bacula-9.6.6/src/lib/bsys.c:904:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bacula-9.6.6/src/lib/bsys.c:924:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bacula-9.6.6/src/lib/bsys.c:956:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *escaped_path = (char *)bmalloc(2 * (strlen(file_path) + 1));
data/bacula-9.6.6/src/lib/bsys.c:1016:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(function, "()", sz);
data/bacula-9.6.6/src/lib/bsys.c:1104:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(fd_src, buf, sizeof(buf))) > 0)
data/bacula-9.6.6/src/lib/bsys.c:1351:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = read(fd, buf, sizeof(buf));
data/bacula-9.6.6/src/lib/btime.c:132:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || *str == 0 || (strlen(str) != 19) ||
data/bacula-9.6.6/src/lib/collect.c:232:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (res_collector.errmsg && strlen(res_collector.errmsg)){
data/bacula-9.6.6/src/lib/cram-md5.c:91:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
data/bacula-9.6.6/src/lib/cram-md5.c:91:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
data/bacula-9.6.6/src/lib/cram-md5.c:149:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
data/bacula-9.6.6/src/lib/cram-md5.c:149:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
data/bacula-9.6.6/src/lib/crc32.c:466:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = bcrc32((unsigned char *)buf, strlen(buf));
data/bacula-9.6.6/src/lib/crypto.c:1513:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(buf));
data/bacula-9.6.6/src/lib/daemon.c:111:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldmask = umask(026);
data/bacula-9.6.6/src/lib/daemon.c:113:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldmask);
data/bacula-9.6.6/src/lib/devlock.c:62:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = pthread_cond_init(&rwl->read, NULL)) != 0) {
data/bacula-9.6.6/src/lib/devlock.c:67:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_destroy(&rwl->read);
data/bacula-9.6.6/src/lib/devlock.c:114:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat1 = pthread_cond_destroy(&rwl->read);
data/bacula-9.6.6/src/lib/devlock.c:169:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = pthread_cond_wait(&rwl->read, &rwl->mutex);
data/bacula-9.6.6/src/lib/devlock.c:334:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = pthread_cond_broadcast(&rwl->read);
data/bacula-9.6.6/src/lib/devlock.h:43:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_t read; /* wait for read */
data/bacula-9.6.6/src/lib/dlist.c:342:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return new_dlistString(str, strlen(str));
data/bacula-9.6.6/src/lib/dlist.c:477:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "a");
data/bacula-9.6.6/src/lib/edit.c:208:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bacula-9.6.6/src/lib/edit.c:285:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_len = strlen(mod_str);
data/bacula-9.6.6/src/lib/edit.c:330:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (val == 0 && strlen(buf) == 0) {
data/bacula-9.6.6/src/lib/edit.c:360:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_len = strlen(mod_str);
data/bacula-9.6.6/src/lib/edit.c:541:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bacula-9.6.6/src/lib/jcr.c:135:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &num, sizeof(num)) != sizeof(num)) {
data/bacula-9.6.6/src/lib/jcr.c:144:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &job, sizeof(job)) != sizeof(job)) {
data/bacula-9.6.6/src/lib/jcr.c:776:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(Job);
data/bacula-9.6.6/src/lib/md5.c:329:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (unsigned char *)buf, strlen(buf));
data/bacula-9.6.6/src/lib/mem_pool.c:469:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(*pm);
data/bacula-9.6.6/src/lib/mem_pool.c:474:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:482:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm);
data/bacula-9.6.6/src/lib/mem_pool.c:487:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:495:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm);
data/bacula-9.6.6/src/lib/mem_pool.c:496:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str.c_str()) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:505:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm.c_str());
data/bacula-9.6.6/src/lib/mem_pool.c:510:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:518:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm.c_str());
data/bacula-9.6.6/src/lib/mem_pool.c:521:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str.c_str()) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:537:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:549:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:557:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str.c_str()) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:570:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:647:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(mem);
data/bacula-9.6.6/src/lib/mem_pool.c:652:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/mem_pool.c:664:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bacula-9.6.6/src/lib/message.c:154:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dtlen = strlen(dt);
data/bacula-9.6.6/src/lib/message.c:296:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(l) + 1;
data/bacula-9.6.6/src/lib/message.c:312:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exepath = (char *)malloc(strlen(cpath) + 1 + len);
data/bacula-9.6.6/src/lib/message.c:849:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dtlen = strlen(dt);
data/bacula-9.6.6/src/lib/message.c:920:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(msg) + 1;
data/bacula-9.6.6/src/lib/message.c:948:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/bacula-9.6.6/src/lib/message.c:1011:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg) + dtlen;;
data/bacula-9.6.6/src/lib/message.c:1091:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((basename = bstrrpath(pathname, pathname+strlen(pathname))) == pathname) {
data/bacula-9.6.6/src/lib/message.c:1158:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bacula-9.6.6/src/lib/message.c:1302:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bacula-9.6.6/src/lib/message.c:1746:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item = (MQUEUE_ITEM *)malloc(sizeof(MQUEUE_ITEM) + strlen(pool_buf) + 1);
data/bacula-9.6.6/src/lib/output.c:226:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2 = check_pool_memory_size(tmp2, strlen(k)+1);
data/bacula-9.6.6/src/lib/parse_conf.c:552:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(lc->str);
data/bacula-9.6.6/src/lib/parse_conf.c:819:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!size_to_uint64(bsize, strlen(bsize), &uvalue)) {
data/bacula-9.6.6/src/lib/parse_conf.c:824:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!speed_to_uint64(bsize, strlen(bsize), &uvalue)) {
data/bacula-9.6.6/src/lib/parse_conf.c:1243:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int file_length = strlen(config_file) + 1;
data/bacula-9.6.6/src/lib/parse_conf.c:1256:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dir_length = strlen(config_dir);
data/bacula-9.6.6/src/lib/plugins.c:112:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(plugin_dir);
data/bacula-9.6.6/src/lib/plugins.c:130:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dname.c_str());
data/bacula-9.6.6/src/lib/plugins.c:131:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_len = strlen(type);
data/bacula-9.6.6/src/lib/runscript.c:240:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line);
data/bacula-9.6.6/src/lib/rwlock.c:51:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = pthread_cond_init(&rwl->read, NULL)) != 0) {
data/bacula-9.6.6/src/lib/rwlock.c:56:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_destroy(&rwl->read);
data/bacula-9.6.6/src/lib/rwlock.c:102:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat1 = pthread_cond_destroy(&rwl->read);
data/bacula-9.6.6/src/lib/rwlock.c:148:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = pthread_cond_wait(&rwl->read, &rwl->mutex);
data/bacula-9.6.6/src/lib/rwlock.c:306:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = pthread_cond_broadcast(&rwl->read);
data/bacula-9.6.6/src/lib/rwlock.h:34:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_t read; /* wait for read */
data/bacula-9.6.6/src/lib/scan.c:51:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd - 1 + strlen(cmd);
data/bacula-9.6.6/src/lib/scan.c:62:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd - 1 + strlen(cmd);
data/bacula-9.6.6/src/lib/scan.c:73:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dir -1 + strlen(dir);
data/bacula-9.6.6/src/lib/scan.c:298:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = slen = strlen(fname);
data/bacula-9.6.6/src/lib/sellist.c:189:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ed1);
data/bacula-9.6.6/src/lib/sellist.c:204:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p, ",");
data/bacula-9.6.6/src/lib/sha1.c:448:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = SHA1Update(&sha, (const unsigned char *) testarray[j], strlen(testarray[j]));
data/bacula-9.6.6/src/lib/sha1.c:508:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1Update(&ctx, (unsigned char *)buf, strlen(buf));
data/bacula-9.6.6/src/lib/sha2.c:906:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message1, strlen(message1), digest);
data/bacula-9.6.6/src/lib/sha2.c:908:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message2a, strlen(message2a), digest);
data/bacula-9.6.6/src/lib/sha2.c:916:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message1, strlen(message1), digest);
data/bacula-9.6.6/src/lib/sha2.c:918:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message2a, strlen(message2a), digest);
data/bacula-9.6.6/src/lib/sha2.c:926:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *) message1, strlen(message1), digest);
data/bacula-9.6.6/src/lib/sha2.c:928:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *)message2b, strlen(message2b), digest);
data/bacula-9.6.6/src/lib/sha2.c:936:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message1, strlen(message1), digest);
data/bacula-9.6.6/src/lib/sha2.c:938:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message2b, strlen(message2b), digest);
data/bacula-9.6.6/src/lib/signal.c:159:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int exelen = strlen(exepath);
data/bacula-9.6.6/src/lib/signal.c:175:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(exepath, "/");
data/bacula-9.6.6/src/lib/smartall.c:520:22: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(errmsg, "\n");
data/bacula-9.6.6/src/lib/smartall.c:526:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(errmsg + strlen(errmsg), " %02X",
data/bacula-9.6.6/src/lib/smartall.c:529:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(errmsg + strlen(errmsg), " %c ",
data/bacula-9.6.6/src/lib/status.h:85:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!sp->api) sendit(msg, strlen(msg), sp);
data/bacula-9.6.6/src/lib/status.h:92:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!sp->api) sendit(msg, strlen(msg), sp);
data/bacula-9.6.6/src/lib/status.h:94:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!sp->api) sendit(msg, strlen(msg), sp);
data/bacula-9.6.6/src/lib/status.h:97:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/lib/status.h:178:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/lib/status.h:190:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(buf, strlen(buf), sp);
data/bacula-9.6.6/src/lib/status.h:197:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/lib/tcpd.h:41:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
data/bacula-9.6.6/src/lib/tree.c:209:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int path_len = strlen(path);
data/bacula-9.6.6/src/lib/tree.c:239:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(path); /* get new length */
data/bacula-9.6.6/src/lib/tree.c:328:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->fname_len = strlen(fname);
data/bacula-9.6.6/src/lib/tree.c:417:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bacula-9.6.6/src/lib/tree.c:422:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cd->fname[0] == path[0] && len == (int)strlen(cd->fname)
data/bacula-9.6.6/src/lib/util.c:665:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(meta);
data/bacula-9.6.6/src/lib/util.c:736:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)GetCurrentProcessId());
data/bacula-9.6.6/src/lib/util.c:737:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)getcwd(s + strlen(s), 256);
data/bacula-9.6.6/src/lib/util.c:738:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)GetTickCount());
data/bacula-9.6.6/src/lib/util.c:740:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)li.LowPart);
data/bacula-9.6.6/src/lib/util.c:742:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)ft.dwLowDateTime);
data/bacula-9.6.6/src/lib/util.c:743:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)ft.dwHighDateTime);
data/bacula-9.6.6/src/lib/util.c:745:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GetComputerName(s + strlen(s), &length);
data/bacula-9.6.6/src/lib/util.c:747:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GetUserName(s + strlen(s), &length);
data/bacula-9.6.6/src/lib/util.c:750:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getpid());
data/bacula-9.6.6/src/lib/util.c:751:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getppid());
data/bacula-9.6.6/src/lib/util.c:752:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)getcwd(s + strlen(s), 256);
data/bacula-9.6.6/src/lib/util.c:753:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)clock());
data/bacula-9.6.6/src/lib/util.c:754:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)time(NULL));
data/bacula-9.6.6/src/lib/util.c:756:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sysinfo(SI_HW_SERIAL,s + strlen(s), 12);
data/bacula-9.6.6/src/lib/util.c:759:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t) gethostid());
data/bacula-9.6.6/src/lib/util.c:761:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gethostname(s + strlen(s), 256);
data/bacula-9.6.6/src/lib/util.c:762:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getuid());
data/bacula-9.6.6/src/lib/util.c:763:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getgid());
data/bacula-9.6.6/src/lib/util.c:766:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&md5c, (uint8_t *)s, strlen(s));
data/bacula-9.6.6/src/lib/util.c:768:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)((time(NULL) + 65121) ^ 0x375F));
data/bacula-9.6.6/src/lib/util.c:770:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&md5c, (uint8_t *)s, strlen(s));
data/bacula-9.6.6/src/lib/util.c:1029:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (const char *p = &str[strlen(str) - 1]; p >= str; p--) {
data/bacula-9.6.6/src/lib/var.c:144:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp);
data/bacula-9.6.6/src/lib/var.c:151:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp);
data/bacula-9.6.6/src/lib/var.c:1394:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!tokenbuf_assign(data, buf, strlen(buf))) {
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:443:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(p_ctx->efd, buf, sizeof(buf));
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:454:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->status = read(p_ctx->rfd, io->buf, io->count);
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:484:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(p_ctx->rfd, buf, sizeof(buf)); /* TODO: simulate fgets() */
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:551:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(p_ctx->rfd, buf, sizeof(buf));
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:562:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(p_ctx->efd, buf, sizeof(buf));
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:620:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) > 512) {
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:701:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bacula-9.6.6/src/plugins/fd/bpipe-fd.c:701:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1188:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1265:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1314:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(err1);
data/bacula-9.6.6/src/plugins/fd/docker/dkcommctx.c:1322:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(err2);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:74:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dig);
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:244:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(id && strlen(id->digest()) == 0, "Check default initialization full");
data/bacula-9.6.6/src/plugins/fd/docker/dkid.c:245:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(id && strlen(id->digest_short()) == 0, "Check short default initialization full");
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:692:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->status = read(dkfd, io->buf, io->count);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1036:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, errlog.c_str(), errlog.size() - 1);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1564:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (where && strlen(where) > 1 && *where == PathSeparator){
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1566:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(where);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1572:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JMSG(ctx, M_INFO, "Docker local restore: %s\n", fmt.c_str() + len + strlen(PLUGINNAMESPACE) + 1);
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1576:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm_strcat(fname, rp->ofname + len + strlen(PLUGINNAMESPACE));
data/bacula-9.6.6/src/plugins/fd/docker/docker-fd.c:1630:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm_strcpy(fname, rp->ofname + strlen(PLUGINNAMESPACE));
data/bacula-9.6.6/src/plugins/fd/fd_common.h:131:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) >= 2 && B_ISALPHA(fname[0]) && fname[1] == ':') {
data/bacula-9.6.6/src/plugins/fd/fd_common.h:145:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int last = strlen(dest); /* dest is 27 bytes long */
data/bacula-9.6.6/src/plugins/fd/fd_common.h:190:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base, b, sizeof(base));
data/bacula-9.6.6/src/plugins/fd/fd_common.h:204:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, jobname, MAX_NAME_LENGTH);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:208:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prev, prevjobname, MAX_NAME_LENGTH);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:214:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(key, akey, MAX_NAME_LENGTH);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:226:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(name);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:303:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=%c key=%127s name=%127s root=%127s prev=%127s",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:306:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=F key=%127s name=%127s",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:394:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=%c key=%127s name=%127s root=%127s prev=%127s",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:397:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=F key=%127s name=%127s",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:467:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
now, level, key, name, strlen(data), data);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:471:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
now, level, key, name, root, prev, strlen(data), data);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:562:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:572:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bacula-9.6.6/src/plugins/fd/fd_common.h:583:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=%c key=%127s name=%127s root=%127s prev=%127s vollen=%d vol=",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:586:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "time=%60s level=F key=%127s name=%127s vollen=%d vol=",
data/bacula-9.6.6/src/plugins/fd/fd_common.h:602:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (datalen != strlen(data)) {
data/bacula-9.6.6/src/plugins/fd/fd_common.h:603:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg(ctx, dbglvl+100, "Bad data line datalen != strlen(data) %d != %d\n", datalen, strlen(data));
data/bacula-9.6.6/src/plugins/fd/pluglib.h:125:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pluginprefix, command, strlen(pluginprefix)) == 0){
data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c:567:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->object_len = strlen(sp->object)+1+6+1; /* str + 0 + secret + 0 */
data/bacula-9.6.6/src/plugins/fd/test-plugin-fd.c:675:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) > 990) {
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:324:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int DirComm::read()
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:507:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read() >= 0) {
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:561:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.cpp:569:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bacula-9.6.6/src/qt-console/bcomm/dircomm.h:63:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void);
data/bacula-9.6.6/src/qt-console/console/console.cpp:242:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((stat = dircomm->read()) > 0 && dircomm->is_in_command()) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:307:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((stat = dircomm->read()) > 0) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:428:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((stat = dircomm->read()) > 0) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:626:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dircomm->read() > 0) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:645:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat=dircomm->read()) > 0) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:668:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = dircomm->read();
data/bacula-9.6.6/src/qt-console/console/console.cpp:686:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dircomm->read();
data/bacula-9.6.6/src/qt-console/console/console.cpp:690:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat=dircomm->read()) > 0) {
data/bacula-9.6.6/src/qt-console/console/console.cpp:814:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Console::read(int conn)
data/bacula-9.6.6/src/qt-console/console/console.cpp:817:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return dircomm->read();
data/bacula-9.6.6/src/qt-console/console/console.h:68:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(int conn);
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:106:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (m_console->read(m_conn) > 0) {
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:324:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_console->read(m_conn) > 0) {
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:383:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_console->read(m_conn) > 0) {
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:413:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_console->read(m_conn) > 0) {
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:441:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = m_console->read(m_conn)) > 0) {
data/bacula-9.6.6/src/qt-console/restore/restore.cpp:463:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = m_console->read(m_conn)) > 0) {
data/bacula-9.6.6/src/qt-console/run/runcmd.cpp:73:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_console->read(m_conn);
data/bacula-9.6.6/src/qt-console/select/select.cpp:46:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_console->read(m_conn); /* get title */
data/bacula-9.6.6/src/qt-console/select/select.cpp:48:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((stat=m_console->read(m_conn)) > 0) {
data/bacula-9.6.6/src/qt-console/select/select.cpp:103:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
console->read(conn); /* get yesno question */
data/bacula-9.6.6/src/qt-console/select/textinput.cpp:42:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_console->read(m_conn); /* get title */
data/bacula-9.6.6/src/qt-console/tray-monitor/authenticate.cpp:133:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(bs->msg, p, strlen(p)) != 0) {
data/bacula-9.6.6/src/qt-console/tray-monitor/conf.cpp:49:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 = *buf = check_pool_memory_size(*buf, (strlen(p) + 1));
data/bacula-9.6.6/src/qt-console/tray-monitor/runjob.cpp:484:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dir_entry.c_str());
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:270:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0077);
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:274:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(getenv(HOME_VAR)) + strlen(CONFIG_FILE_HOME) + 5;
data/bacula-9.6.6/src/qt-console/tray-monitor/tray-monitor.cpp:274:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(getenv(HOME_VAR)) + strlen(CONFIG_FILE_HOME) + 5;
data/bacula-9.6.6/src/stored/ansi_label.c:77:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = dev->read(label, sizeof(label));
data/bacula-9.6.6/src/stored/ansi_label.c:292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(VolName);
data/bacula-9.6.6/src/stored/askdir.c:166:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bacula-9.6.6/src/stored/authenticate.c:337:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/stored/autochanger.c:681:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir->msglen = strlen(dir->msg);
data/bacula-9.6.6/src/stored/block.c:536:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = dev->read(block->buf + data_len, (size_t)(block->buf_len - data_len));
data/bacula-9.6.6/src/stored/btape.c:429:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, len);
data/bacula-9.6.6/src/stored/btape.c:1942:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = read(dev->fd(), buf, len);
data/bacula-9.6.6/src/stored/btape.c:1977:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = read(dev->fd(), buf, sizeof(buf))) < 0) {
data/bacula-9.6.6/src/stored/btape.c:2444:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &state_level, sizeof(btape_state_level));
data/bacula-9.6.6/src/stored/btape.c:2445:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &simple, sizeof(simple));
data/bacula-9.6.6/src/stored/btape.c:2446:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_block_num1, sizeof(last_block_num1));
data/bacula-9.6.6/src/stored/btape.c:2447:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_block_num2, sizeof(last_block_num2));
data/bacula-9.6.6/src/stored/btape.c:2448:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_file1, sizeof(last_file1));
data/bacula-9.6.6/src/stored/btape.c:2449:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_file2, sizeof(last_file2));
data/bacula-9.6.6/src/stored/btape.c:2450:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, last_block1->buf, last_block1->buf_len);
data/bacula-9.6.6/src/stored/btape.c:2451:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, last_block2->buf, last_block2->buf_len);
data/bacula-9.6.6/src/stored/btape.c:2452:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, first_block->buf, first_block->buf_len);
data/bacula-9.6.6/src/stored/btape.c:3002:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(stdin)) != EOF) {
data/bacula-9.6.6/src/stored/btape.c:3048:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bacula-9.6.6/src/stored/btape.c:3072:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bacula-9.6.6/src/stored/butil.c:64:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0;
data/bacula-9.6.6/src/stored/butil.c:150:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(VolumeName) >= MAX_NAME_LENGTH) {
data/bacula-9.6.6/src/stored/butil.c:159:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dev_name + strlen(dev_name);
data/bacula-9.6.6/src/stored/butil.c:268:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(device_name);
data/bacula-9.6.6/src/stored/cloud_dev.c:620:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bacula-9.6.6/src/stored/cloud_dev.c:1015:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bacula-9.6.6/src/stored/cloud_dev.c:2156:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!parts || strlen(VolumeName) == 0) {
data/bacula-9.6.6/src/stored/cloud_dev.c:2163:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(vol_dir[strlen(vol_dir)-1])) {
data/bacula-9.6.6/src/stored/cloud_dev.c:2218:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext || strlen(ext) < 2) {
data/bacula-9.6.6/src/stored/cloud_dev.c:2236:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(part_path[strlen(vol_dir)-1])) {
data/bacula-9.6.6/src/stored/cloud_driver.h:63:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(filename);
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:219:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(m_message) != 0)?" msg=":"",
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:220:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(m_message) != 0)?m_message:"");
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:228:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(m_message) != 0)?" msg=":"",
data/bacula-9.6.6/src/stored/cloud_transfer_mgr.c:229:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(m_message) != 0)?m_message:"");
data/bacula-9.6.6/src/stored/dev.c:461:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t DEVICE::read(void *buf, size_t len)
data/bacula-9.6.6/src/stored/dev.h:486:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(void *buf, size_t len); /* in dev.c */
data/bacula-9.6.6/src/stored/dircmd.c:234:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cmds[i].cmd, bs->msg, strlen(cmds[i].cmd)) == 0) {
data/bacula-9.6.6/src/stored/dircmd.c:312:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "client address=%127s port=%d ssl=%d", jcr->client_addr, &client_port,
data/bacula-9.6.6/src/stored/dircmd.c:454:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "setdebug=%ld trace=%ld hangup=%ld blowup=%ld options=%55s tags=%511s",
data/bacula-9.6.6/src/stored/dircmd.c:506:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "cancel Job=%127s", Job) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:509:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "stop Job=%127s", Job) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:585:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "relabel %127s OldName=%127s NewName=%127s PoolName=%127s "
data/bacula-9.6.6/src/stored/dircmd.c:593:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "label %127s VolumeName=%127s PoolName=%127s "
data/bacula-9.6.6/src/stored/dircmd.c:696:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "truncate cache Storage=%127s Volume=%127s PoolName=%127s "
data/bacula-9.6.6/src/stored/dircmd.c:798:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "cloudlist Storage=%127s Volume=%127s MediaType=%127s Slot=%d drive=%d",
data/bacula-9.6.6/src/stored/dircmd.c:870:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "upload Storage=%127s Volume=%127s PoolName=%127s "
data/bacula-9.6.6/src/stored/dircmd.c:1307:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ok = sscanf(dir->msg, "mount %127s drive=%d slot=%d", devname.c_str(),
data/bacula-9.6.6/src/stored/dircmd.c:1461:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ok = sscanf(dir->msg, "enable %127s drive=%d", devname.c_str(),
data/bacula-9.6.6/src/stored/dircmd.c:1503:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ok = sscanf(dir->msg, "disable %127s drive=%d", devname.c_str(),
data/bacula-9.6.6/src/stored/dircmd.c:1538:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "unmount %127s drive=%d", devname.c_str(), &drive) == 2) {
data/bacula-9.6.6/src/stored/dircmd.c:1641:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg,
data/bacula-9.6.6/src/stored/dircmd.c:1678:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "release %127s drive=%d", devname.c_str(), &drive) == 2) {
data/bacula-9.6.6/src/stored/dircmd.c:1814:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "autochanger listall %127s", devname.c_str()) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:1817:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger list %127s", devname.c_str()) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:1820:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger slots %127s", devname.c_str()) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:1823:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger drives %127s", devname.c_str()) == 1) {
data/bacula-9.6.6/src/stored/dircmd.c:1868:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "readlabel %127s Slot=%d drive=%d", devname.c_str(),
data/bacula-9.6.6/src/stored/fd_cmds.c:215:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(fd_cmds[i].cmd, fd->msg, strlen(fd_cmds[i].cmd)) == 0) {
data/bacula-9.6.6/src/stored/file_dev.c:59:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bacula-9.6.6/src/stored/file_dev.c:172:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bacula-9.6.6/src/stored/file_dev.c:267:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bacula-9.6.6/src/stored/file_driver.c:295:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (parts == NULL || strlen(VolumeName) == 0) {
data/bacula-9.6.6/src/stored/file_driver.c:304:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(vol_dir[strlen(vol_dir)-1])) {
data/bacula-9.6.6/src/stored/file_driver.c:362:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext || strlen(ext) < 2) {
data/bacula-9.6.6/src/stored/file_driver.c:373:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(part_path[strlen(vol_dir)-1])) {
data/bacula-9.6.6/src/stored/file_driver.c:464:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(fullpath[strlen(fullpath)-1])) {
data/bacula-9.6.6/src/stored/hello.c:84:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "Hello SD: Bacula Director %127s calling %d",
data/bacula-9.6.6/src/stored/hello.c:86:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(dir->msg, "Hello SD: Bacula Director %127s calling",
data/bacula-9.6.6/src/stored/hello.c:152:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(fd->msg, "Hello Bacula SD: Start Job %127s %d %d", job_name, &fd_version, &sd_version) != 3 &&
data/bacula-9.6.6/src/stored/hello.c:153:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(fd->msg, "Hello FD: Bacula Storage calling Start Job %127s %d", job_name, &sd_version) != 2 &&
data/bacula-9.6.6/src/stored/hello.c:154:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(fd->msg, "Hello Start Job %127s", job_name) != 1) {
data/bacula-9.6.6/src/stored/hello.c:284:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(cl->msg, "Hello Bacula SD: Start Job %127s %d %d", job_name, &fd_version, &sd_version) != 3) {
data/bacula-9.6.6/src/stored/init_dev.c:249:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->dev_name = get_memory(strlen(device->device_name)+1);
data/bacula-9.6.6/src/stored/init_dev.c:251:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->prt_name = get_memory(strlen(device->device_name) + strlen(device->hdr.name) + 20);
data/bacula-9.6.6/src/stored/init_dev.c:251:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->prt_name = get_memory(strlen(device->device_name) + strlen(device->hdr.name) + 20);
data/bacula-9.6.6/src/stored/init_dev.c:414:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(me->plugin_directory);
data/bacula-9.6.6/src/stored/job.c:236:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/stored/read_records.c:514:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0;
data/bacula-9.6.6/src/stored/reserve.c:180:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bacula-9.6.6/src/stored/reserve.c:1267:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(msg, strlen(msg), arg);
data/bacula-9.6.6/src/stored/s3_driver.c:667:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!parts || strlen(VolumeName) == 0) {
data/bacula-9.6.6/src/stored/s3_driver.c:696:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!parts || strlen(part_path_name) == 0) {
data/bacula-9.6.6/src/stored/s3_driver.c:736:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp[strlen(cp)-1] = 0;
data/bacula-9.6.6/src/stored/scan.c:74:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mount_point);
data/bacula-9.6.6/src/stored/scan.c:151:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bacula-9.6.6/src/stored/sdcollect.c:213:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(out.c_str()) + 1;
data/bacula-9.6.6/src/stored/spool.c:230:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rdev->dev_name = get_memory(strlen(spool_name)+1);
data/bacula-9.6.6/src/stored/spool.c:231:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncpy(rdev->dev_name, spool_name, strlen(spool_name)+1);
data/bacula-9.6.6/src/stored/spool.c:360:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = read(dcr->spool_fd, (char *)&hdr, (size_t)rlen);
data/bacula-9.6.6/src/stored/spool.c:383:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stat = read(dcr->spool_fd, (char *)block->buf, (size_t)rlen);
data/bacula-9.6.6/src/stored/status.c:282:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/stored/status.c:418:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/stored/status.c:516:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p, strlen(p), sp);
data/bacula-9.6.6/src/stored/status.c:819:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(p1, strlen(p1), sp);
data/bacula-9.6.6/src/stored/status.c:1224:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(buf, strlen(buf), sp);
data/bacula-9.6.6/src/stored/stored.c:517:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int my_name_len = strlen(my_name);
data/bacula-9.6.6/src/stored/stored.c:518:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(me->working_directory);
data/bacula-9.6.6/src/stored/tape_dev.c:617:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((stat = this->read((char *)rbuf, rbuf_len)) < 0) {
data/bacula-9.6.6/src/stored/vtape_dev.c:194:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (::read(fd, &l, sizeof(l)) > 0) {
data/bacula-9.6.6/src/stored/vtape_dev.c:560:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
::read(fd, &c, sizeof(c));
data/bacula-9.6.6/src/stored/vtape_dev.c:569:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
::read(fd, &last_FM, sizeof(last_FM));
data/bacula-9.6.6/src/stored/vtape_dev.c:570:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = ::read(fd, &next_FM, sizeof(next_FM));
data/bacula-9.6.6/src/stored/vtape_dev.c:612:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = ::read(fd, &s, sizeof(uint32_t)); /* get size of next block */
data/bacula-9.6.6/src/stored/vtape_dev.c:858:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = ::read(fd, &s, sizeof(uint32_t));
data/bacula-9.6.6/src/stored/vtape_dev.c:881:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = ::read(fd, buffer, s);
data/bacula-9.6.6/src/stored/vtape_dev.c:926:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lockfile = (char *)malloc(strlen(pathname) + 3);
data/bacula-9.6.6/src/tools/bpluginfo.c:327:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirtmp, "/");
data/bacula-9.6.6/src/tools/bsmtp.c:113:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/bacula-9.6.6/src/tools/bsmtp.c:668:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/bacula-9.6.6/src/tools/bsnapshot.c:107:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(path[strlen(path) - 1])) {
data/bacula-9.6.6/src/tools/bsnapshot.c:525:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("Creation time:");
data/bacula-9.6.6/src/tools/bsnapshot.c:594:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(p, "ID %49s ", id) == 1) { /* We found ID, look for path */
data/bacula-9.6.6/src/tools/bsnapshot.c:597:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = p2 + strlen("path ");
data/bacula-9.6.6/src/tools/bsnapshot.c:598:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v = (struct vols*) malloc(sizeof (vols) + strlen(path) + 1);
data/bacula-9.6.6/src/tools/bsnapshot.c:605:26: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (p2 && sscanf(p2, "otime %49s %49s", day, hour) == 2) {
data/bacula-9.6.6/src/tools/bsnapshot.c:610:26: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (p2 && sscanf(p2, "parent_uuid %127s", v->puuid) == 1) {
data/bacula-9.6.6/src/tools/bsnapshot.c:613:29: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (p2 && sscanf(p2, " uuid %127s", v->uuid) == 1) {
data/bacula-9.6.6/src/tools/bsnapshot.c:640:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(arg->snapdir);
data/bacula-9.6.6/src/tools/bsnapshot.c:646:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg->mountpoint[strlen(arg->mountpoint) - 1] == '/' ? "": "/",
data/bacula-9.6.6/src/tools/bsnapshot.c:679:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ok = (sscanf(p, "ID %49s ", id) == 1);
data/bacula-9.6.6/src/tools/bsnapshot.c:683:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("path ");
data/bacula-9.6.6/src/tools/bsnapshot.c:685:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elt1 = (struct vols *) malloc(sizeof(struct vols) + strlen(p) + 1);
data/bacula-9.6.6/src/tools/bsnapshot.c:948:20: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf[3], "%49s %49s %d %d:%d %d",
data/bacula-9.6.6/src/tools/bsnapshot.c:1103:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dm, "/dev/dm", strlen("/dev/dm")) != 0) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1121:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*ret = check_pool_memory_size(*ret, strlen(errmsg)+1);
data/bacula-9.6.6/src/tools/bsnapshot.c:1176:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dm && dmpath && strlen(elt[dmpath]) > strlen("/dev/mapper/")) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1176:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dm && dmpath && strlen(elt[dmpath]) > strlen("/dev/mapper/")) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1177:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(elt[dmpath] + strlen("/dev/mapper/"), dm) == 0) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1185:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
POOLMEM *buf2 = get_memory(strlen(elt[path])*2+10);
data/bacula-9.6.6/src/tools/bsnapshot.c:1308:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (size_to_uint64(p+1, strlen(p+1), &s)) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1733:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, elt[p_path], strlen(p)) == 0) {
data/bacula-9.6.6/src/tools/bsnapshot.c:1734:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm_strcpy(f, elt[p_path] + strlen(p));/* test_MySnapshot_2020.. => MySnapshot_2020 */
data/bacula-9.6.6/src/tools/cats_test.c:472:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(jcr, db, buf2, buf, strlen(buf));
data/bacula-9.6.6/src/tools/cats_test.c:473:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok((strlen(buf) + 2) == strlen(buf2),"Quoted string should be longer");
data/bacula-9.6.6/src/tools/cats_test.c:473:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok((strlen(buf) + 2) == strlen(buf2),"Quoted string should be longer");
data/bacula-9.6.6/src/tools/dbcheck.c:704:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(NULL, db, esc_name, name_list.name[i], strlen(name_list.name[i]));
data/bacula-9.6.6/src/tools/dbcheck.c:761:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(NULL, db, esc_name, name_list.name[i], strlen(name_list.name[i]));
data/bacula-9.6.6/src/tools/dbcheck.c:1253:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len=strlen(name); len > 0 && IsPathSeparator(name[len-1]); len--)
data/bacula-9.6.6/src/tools/dbcheck.c:1316:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len=strlen(name); len > 0 && name[len-1]==' '; len--) {
data/bacula-9.6.6/src/tools/dbcheck.c:1405:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key_name) + 1;
data/bacula-9.6.6/src/tools/fstype.c:77:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(fstype) + 1;
data/bacula-9.6.6/src/tools/gigaslam.c:45:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseeko(fp, howBig - strlen(trailer), 0);
data/bacula-9.6.6/src/tools/gigaslam.c:46:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(trailer, strlen(trailer), 1, fp);
data/bacula-9.6.6/src/tools/grow.c:54:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseeko(fp, howBig - strlen(trailer), SEEK_SET);
data/bacula-9.6.6/src/tools/grow.c:55:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(trailer, strlen(trailer), 1, fp);
data/bacula-9.6.6/src/win32/compat/compat.cpp:183:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*fname != 0 && win32_name[-1] == '\\' && strlen (fname) != 3) {
data/bacula-9.6.6/src/win32/compat/compat.cpp:198:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncpy(pszBuf, tname, strlen(tname)+1);
data/bacula-9.6.6/src/win32/compat/compat.cpp:211:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwSize = 2*strlen(name)+MAX_PATH;
data/bacula-9.6.6/src/win32/compat/compat.cpp:245:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(name) > 3 && wcsncmp(name, L"\\\\?\\", 4) == 0) {
data/bacula-9.6.6/src/win32/compat/compat.cpp:255:30: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwBufCharsNeeded = (wcslen(name)+7);
data/bacula-9.6.6/src/win32/compat/compat.cpp:357:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nParseOffset = wcslen((LPCWSTR) pwszBuf);
data/bacula-9.6.6/src/win32/compat/compat.cpp:361:10: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat(pwszBuf, L"\\");
data/bacula-9.6.6/src/win32/compat/compat.cpp:408:7: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(pszBuf, &pwszBuf[nParseOffset], wcslen(pwszBuf)+1-nParseOffset);
data/bacula-9.6.6/src/win32/compat/compat.cpp:408:47: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy(pszBuf, &pwszBuf[nParseOffset], wcslen(pwszBuf)+1-nParseOffset);
data/bacula-9.6.6/src/win32/compat/compat.cpp:467:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD cchSize = (strlen(pszUTF)+1);
data/bacula-9.6.6/src/win32/compat/compat.cpp:512:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (g_dwWin32ConvUTF8strlen == strlen(pszUTF)) {
data/bacula-9.6.6/src/win32/compat/compat.cpp:538:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_dwWin32ConvUTF8strlen = strlen(pszUTF);
data/bacula-9.6.6/src/win32/compat/compat.cpp:547:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int umask(int)
data/bacula-9.6.6/src/win32/compat/compat.cpp:1411:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int max_len = strlen(path) + MAX_PATH;
data/bacula-9.6.6/src/win32/compat/compat.cpp:1441:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tspec[strlen(tspec)-1] != '\\')
data/bacula-9.6.6/src/win32/compat/compat.cpp:2213:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwPathnameLength = strlen(pPathname);
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:446:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) >= sizeof(plugin_ctx::where)) {
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:516:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bacula-9.6.6/src/win32/filed/plugins/bpipe-fd.c:516:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bacula-9.6.6/src/win32/filed/plugins/dbi_node.c:149:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream += wcslen(stream) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_dbi_node.c:148:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream += wcslen(stream) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_file_node.c:111:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(filename) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_file_node.c:112:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, filename, wcslen(filename) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_node.c:64:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(curr_node->name) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_node.c:79:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen(curr_node->name);
data/bacula-9.6.6/src/win32/filed/plugins/exch_node.c:80:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(retval + len, curr_node->name, strlen(curr_node->name));
data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c:73:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(ibi[current_ibi].wszInstanceName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c:74:58: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, ibi[current_ibi].wszInstanceName, wcslen(ibi[current_ibi].wszInstanceName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c:87:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(ibi[current_ibi].wszInstanceName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_service_node.c:88:61: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, ibi[current_ibi].wszInstanceName, wcslen(ibi[current_ibi].wszInstanceName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:89:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(dbi->wszDatabaseDisplayName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:90:56: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, dbi->wszDatabaseDisplayName, wcslen(dbi->wszDatabaseDisplayName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:103:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(dbi->wszDatabaseDisplayName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:104:59: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, dbi->wszDatabaseDisplayName, wcslen(dbi->wszDatabaseDisplayName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:130:98: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = 0, tmp_logfile_ptr = tmp_logfiles; *tmp_logfile_ptr != 0; tmp_logfile_ptr += wcslen(tmp_logfile_ptr) + 1)
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:132:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += wcslen(tmp_logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:136:89: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (tmp_logfile_ptr = tmp_logfiles; *tmp_logfile_ptr != 0; tmp_logfile_ptr += wcslen(tmp_logfile_ptr) + 1)
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:177:54: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(logfile_ptr, tmp_logfile_ptr, (wcslen(tmp_logfile_ptr) + 1) * 2);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:178:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logfile_ptr += wcslen(logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:186:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[strlen(full_path) + wcslen(tmp_logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:186:54: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[strlen(full_path) + wcslen(tmp_logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:188:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp + strlen(full_path), tmp_logfile_ptr, wcslen(tmp_logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:188:70: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp + strlen(full_path), tmp_logfile_ptr, wcslen(tmp_logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:204:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:205:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, logfile_ptr, wcslen(logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:259:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logfile_ptr += wcslen(logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:299:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
saved_log_path = new WCHAR[wcslen(restore_environment->m_wszRestoreLogPath) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:350:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service_name = new WCHAR[strlen(parent->name) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:351:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
storage_group_name = new WCHAR[strlen(name) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:352:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(service_name, parent->name, strlen(parent->name) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:353:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(storage_group_name, name, strlen(name) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:393:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(file_node->name) - 1; i >= 0; i--) {
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:399:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(restore_environment->m_wszRestoreLogPath) + strlen(file_node->name + i) + 1 + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:399:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(restore_environment->m_wszRestoreLogPath) + strlen(file_node->name + i) + 1 + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:402:10: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat(file_node->filename, L"\\");
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:403:40: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(&file_node->filename[wcslen(file_node->filename)], file_node->name + i, strlen(file_node->name + i) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_storage_group_node.c:403:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(&file_node->filename[wcslen(file_node->filename)], file_node->name + i, strlen(file_node->name + i) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c:58:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(stream_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c:59:33: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, stream_ptr, wcslen(stream_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c:106:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream_ptr += wcslen(stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c:219:27: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream_ptr += wcslen(stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exch_store_node.c:220:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_stream_ptr += wcslen(out_stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:26:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#undef strncpy
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:107:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(RetVal[*count], first, last - first);
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:308:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *command = new char[strlen((char *)value) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.c:334:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
context->path_bits[i] = new char[strlen(path_bit) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h:132:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(src) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h:133:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, src, wcslen(src) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h:139:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WCHAR *tmp = new WCHAR[strlen(src) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/exchange-fd.h:140:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(tmp, src, strlen(src) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/file_node.c:109:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(filename) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/file_node.c:110:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, filename, wcslen(filename) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/node.c:62:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(curr_node->name) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/node.c:77:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen(curr_node->name);
data/bacula-9.6.6/src/win32/filed/plugins/node.c:78:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(retval + len, curr_node->name, strlen(curr_node->name));
data/bacula-9.6.6/src/win32/filed/plugins/service_node.c:70:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(ibi[current_ibi].wszInstanceName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/service_node.c:71:58: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, ibi[current_ibi].wszInstanceName, wcslen(ibi[current_ibi].wszInstanceName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/service_node.c:84:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(ibi[current_ibi].wszInstanceName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/service_node.c:85:61: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, ibi[current_ibi].wszInstanceName, wcslen(ibi[current_ibi].wszInstanceName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:90:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(dbi->wszDatabaseDisplayName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:91:56: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, dbi->wszDatabaseDisplayName, wcslen(dbi->wszDatabaseDisplayName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:104:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = new char[wcslen(dbi->wszDatabaseDisplayName) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:105:59: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, dbi->wszDatabaseDisplayName, wcslen(dbi->wszDatabaseDisplayName) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:131:98: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = 0, tmp_logfile_ptr = tmp_logfiles; *tmp_logfile_ptr != 0; tmp_logfile_ptr += wcslen(tmp_logfile_ptr) + 1)
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:133:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += wcslen(tmp_logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:137:89: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (tmp_logfile_ptr = tmp_logfiles; *tmp_logfile_ptr != 0; tmp_logfile_ptr += wcslen(tmp_logfile_ptr) + 1)
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:178:54: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(logfile_ptr, tmp_logfile_ptr, (wcslen(tmp_logfile_ptr) + 1) * 2);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:179:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logfile_ptr += wcslen(logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:187:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[strlen(full_path) + wcslen(tmp_logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:187:54: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[strlen(full_path) + wcslen(tmp_logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:189:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp + strlen(full_path), tmp_logfile_ptr, wcslen(tmp_logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:189:70: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp + strlen(full_path), tmp_logfile_ptr, wcslen(tmp_logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:205:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(logfile_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:206:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, logfile_ptr, wcslen(logfile_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:260:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logfile_ptr += wcslen(logfile_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:308:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
saved_log_path = new WCHAR[wcslen(restore_environment->m_wszRestoreLogPath) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:367:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service_name = new WCHAR[strlen(parent->name) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:368:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
storage_group_name = new WCHAR[strlen(name) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:369:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(service_name, parent->name, strlen(parent->name) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:370:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(storage_group_name, name, strlen(name) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:415:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(file_node->name) - 1; i >= 0; i--)
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:423:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(restore_environment->m_wszRestoreLogPath) + strlen(file_node->name + i) + 1 + 1;
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:423:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(restore_environment->m_wszRestoreLogPath) + strlen(file_node->name + i) + 1 + 1;
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:426:10: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat(file_node->filename, L"\\");
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:427:40: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(&file_node->filename[wcslen(file_node->filename)], file_node->name + i, strlen(file_node->name + i) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/storage_group_node.c:427:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(&file_node->filename[wcslen(file_node->filename)], file_node->name + i, strlen(file_node->name + i) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/store_node.c:61:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new char[wcslen(stream_ptr) + 1];
data/bacula-9.6.6/src/win32/filed/plugins/store_node.c:62:33: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcstombs(tmp, stream_ptr, wcslen(stream_ptr) + 1);
data/bacula-9.6.6/src/win32/filed/plugins/store_node.c:109:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream_ptr += wcslen(stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/store_node.c:222:27: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream_ptr += wcslen(stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/plugins/store_node.c:223:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_stream_ptr += wcslen(out_stream_ptr) + 1;
data/bacula-9.6.6/src/win32/filed/vss.cpp:170:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Index = wcslen(VolumeName) - 1;
data/bacula-9.6.6/src/win32/filed/vss.cpp:469:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nBuflen -= (int)strlen(szShadowPath);
data/bacula-9.6.6/src/win32/filed/vss.cpp:483:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szFilePath) > rootPath.length()) {
data/bacula-9.6.6/src/win32/filed/vss.cpp:522:7: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(szShadowPath, vol->shadowCopyName, nBuflen);
data/bacula-9.6.6/src/win32/filed/vss.cpp:523:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nBuflen -= (int)wcslen(vol->shadowCopyName);
data/bacula-9.6.6/src/win32/filed/vss.cpp:525:7: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is low because the source is a
constant character.
wcsncat(szShadowPath, L"\\", nBuflen);
data/bacula-9.6.6/src/win32/filed/vss.cpp:531:11: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(szFilePath) > rootPath.length()) {
data/bacula-9.6.6/src/win32/filed/vss.cpp:533:10: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
wcsncat(szShadowPath, szFilePath+rootPath.length(), nBuflen);
data/bacula-9.6.6/src/win32/filed/vss.cpp:539:4: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(szShadowPath, szFilePath, nBuflen);
data/bacula-9.6.6/src/win32/filed/vss.h:46:47: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define bwcsdup(str) wcscpy((WCHAR *)bmalloc((wcslen(str)+1)*sizeof(WCHAR)),(str))
data/bacula-9.6.6/src/win32/filed/vss.h:73:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int last = wcslen(VolumeName);
data/bacula-9.6.6/src/win32/filed/vss.h:130:53: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( p = mountPaths; p[0] != L'\0'; p += wcslen(p) + 1) {
data/bacula-9.6.6/src/win32/filed/vss.h:177:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prev += wcslen(prev) + 1;
data/bacula-9.6.6/src/win32/libwin32/main.cpp:178:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int)strlen(cmdLine); i++) {
data/bacula-9.6.6/src/win32/libwin32/main.cpp:644:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(osvi.szCSDVersion) > 0) {
data/bacula-9.6.6/src/win32/libwin32/service.cpp:240:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(path) + (int)strlen(cmdOpts) + 30 < maxlen) {
data/bacula-9.6.6/src/win32/libwin32/service.cpp:240:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(path) + (int)strlen(cmdOpts) + 30 < maxlen) {
data/bacula-9.6.6/src/win32/libwin32/service.cpp:306:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char *)svcmd, strlen(svcmd)+1) != ERROR_SUCCESS) {
data/bacula-9.6.6/src/win32/stored/mtops.cpp:280:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd, buffer, count);
data/bacula-9.6.6/src/win32/tools/ScsiDeviceList.cpp:228:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwSubkeyLength = (DWORD)_tcslen(szSubkeyName);
ANALYSIS SUMMARY:
Hits = 2888
Lines analyzed = 259097 in approximately 7.08 seconds (36588 lines/second)
Physical Source Lines of Code (SLOC) = 185172
Hits@level = [0] 1157 [1] 854 [2] 1668 [3] 71 [4] 281 [5] 14
Hits@level+ = [0+] 4045 [1+] 2888 [2+] 2034 [3+] 366 [4+] 295 [5+] 14
Hits/KSLOC@level+ = [0+] 21.8446 [1+] 15.5963 [2+] 10.9844 [3+] 1.97654 [4+] 1.59311 [5+] 0.0756054
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.