Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bareos-17.2.7/platforms/freebsd/tapetest.c
Examining data/bareos-17.2.7/src/cats/bdb_dbi.h
Examining data/bareos-17.2.7/src/cats/bdb_ingres.h
Examining data/bareos-17.2.7/src/cats/bdb_mysql.h
Examining data/bareos-17.2.7/src/cats/bdb_postgresql.h
Examining data/bareos-17.2.7/src/cats/bdb_priv.h
Examining data/bareos-17.2.7/src/cats/bdb_query_enum_class.h
Examining data/bareos-17.2.7/src/cats/bdb_sqlite.h
Examining data/bareos-17.2.7/src/cats/bvfs.c
Examining data/bareos-17.2.7/src/cats/bvfs.h
Examining data/bareos-17.2.7/src/cats/cats.c
Examining data/bareos-17.2.7/src/cats/cats.h
Examining data/bareos-17.2.7/src/cats/cats_backends.c
Examining data/bareos-17.2.7/src/cats/cats_backends.h
Examining data/bareos-17.2.7/src/cats/dbi.c
Examining data/bareos-17.2.7/src/cats/ingres.c
Examining data/bareos-17.2.7/src/cats/myingres.c
Examining data/bareos-17.2.7/src/cats/myingres.h
Examining data/bareos-17.2.7/src/cats/mysql.c
Examining data/bareos-17.2.7/src/cats/postgresql.c
Examining data/bareos-17.2.7/src/cats/protos.h
Examining data/bareos-17.2.7/src/cats/sql.c
Examining data/bareos-17.2.7/src/cats/sql_create.c
Examining data/bareos-17.2.7/src/cats/sql_delete.c
Examining data/bareos-17.2.7/src/cats/sql_find.c
Examining data/bareos-17.2.7/src/cats/sql_get.c
Examining data/bareos-17.2.7/src/cats/sql_list.c
Examining data/bareos-17.2.7/src/cats/sql_pooling.c
Examining data/bareos-17.2.7/src/cats/sql_query.c
Examining data/bareos-17.2.7/src/cats/sql_update.c
Examining data/bareos-17.2.7/src/cats/sqlite.c
Examining data/bareos-17.2.7/src/console/conio.c
Examining data/bareos-17.2.7/src/console/conio.h
Examining data/bareos-17.2.7/src/console/console.c
Examining data/bareos-17.2.7/src/console/console_conf.c
Examining data/bareos-17.2.7/src/console/console_conf.h
Examining data/bareos-17.2.7/src/console/func.h
Examining data/bareos-17.2.7/src/dird/admin.c
Examining data/bareos-17.2.7/src/dird/archive.c
Examining data/bareos-17.2.7/src/dird/authenticate.c
Examining data/bareos-17.2.7/src/dird/autoprune.c
Examining data/bareos-17.2.7/src/dird/backup.c
Examining data/bareos-17.2.7/src/dird/bsr.c
Examining data/bareos-17.2.7/src/dird/bsr.h
Examining data/bareos-17.2.7/src/dird/catreq.c
Examining data/bareos-17.2.7/src/dird/consolidate.c
Examining data/bareos-17.2.7/src/dird/dbcheck.c
Examining data/bareos-17.2.7/src/dird/dir_plugins.c
Examining data/bareos-17.2.7/src/dird/dir_plugins.h
Examining data/bareos-17.2.7/src/dird/dird.c
Examining data/bareos-17.2.7/src/dird/dird.h
Examining data/bareos-17.2.7/src/dird/dird_conf.c
Examining data/bareos-17.2.7/src/dird/dird_conf.h
Examining data/bareos-17.2.7/src/dird/expand.c
Examining data/bareos-17.2.7/src/dird/fd_cmds.c
Examining data/bareos-17.2.7/src/dird/getmsg.c
Examining data/bareos-17.2.7/src/dird/inc_conf.c
Examining data/bareos-17.2.7/src/dird/inc_conf.h
Examining data/bareos-17.2.7/src/dird/job.c
Examining data/bareos-17.2.7/src/dird/jobq.c
Examining data/bareos-17.2.7/src/dird/jobq.h
Examining data/bareos-17.2.7/src/dird/migrate.c
Examining data/bareos-17.2.7/src/dird/mountreq.c
Examining data/bareos-17.2.7/src/dird/msgchan.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_BAREOS.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_NATIVE.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_backup_common.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_generic.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_priv.h
Examining data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_restore_common.c
Examining data/bareos-17.2.7/src/dird/ndmp_dma_storage.c
Examining data/bareos-17.2.7/src/dird/ndmp_fhdb_common.c
Examining data/bareos-17.2.7/src/dird/ndmp_fhdb_helpers.c
Examining data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c
Examining data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c
Examining data/bareos-17.2.7/src/dird/ndmp_ndmmedia_db_helpers.c
Examining data/bareos-17.2.7/src/dird/newvol.c
Examining data/bareos-17.2.7/src/dird/next_vol.c
Examining data/bareos-17.2.7/src/dird/protos.h
Examining data/bareos-17.2.7/src/dird/quota.c
Examining data/bareos-17.2.7/src/dird/recycle.c
Examining data/bareos-17.2.7/src/dird/restore.c
Examining data/bareos-17.2.7/src/dird/run_conf.c
Examining data/bareos-17.2.7/src/dird/scheduler.c
Examining data/bareos-17.2.7/src/dird/sd_cmds.c
Examining data/bareos-17.2.7/src/dird/socket_server.c
Examining data/bareos-17.2.7/src/dird/stats.c
Examining data/bareos-17.2.7/src/dird/storage.c
Examining data/bareos-17.2.7/src/dird/testfind.c
Examining data/bareos-17.2.7/src/dird/ua.h
Examining data/bareos-17.2.7/src/dird/ua_acl.c
Examining data/bareos-17.2.7/src/dird/ua_audit.c
Examining data/bareos-17.2.7/src/dird/ua_cmds.c
Examining data/bareos-17.2.7/src/dird/ua_configure.c
Examining data/bareos-17.2.7/src/dird/ua_db.c
Examining data/bareos-17.2.7/src/dird/ua_dotcmds.c
Examining data/bareos-17.2.7/src/dird/ua_impexp.c
Examining data/bareos-17.2.7/src/dird/ua_input.c
Examining data/bareos-17.2.7/src/dird/ua_label.c
Examining data/bareos-17.2.7/src/dird/ua_output.c
Examining data/bareos-17.2.7/src/dird/ua_prune.c
Examining data/bareos-17.2.7/src/dird/ua_purge.c
Examining data/bareos-17.2.7/src/dird/ua_query.c
Examining data/bareos-17.2.7/src/dird/ua_restore.c
Examining data/bareos-17.2.7/src/dird/ua_run.c
Examining data/bareos-17.2.7/src/dird/ua_select.c
Examining data/bareos-17.2.7/src/dird/ua_server.c
Examining data/bareos-17.2.7/src/dird/ua_status.c
Examining data/bareos-17.2.7/src/dird/ua_tree.c
Examining data/bareos-17.2.7/src/dird/ua_update.c
Examining data/bareos-17.2.7/src/dird/unittests/ndmp_fhdb_test.c
Examining data/bareos-17.2.7/src/dird/unittests/ndmp_testdata.h
Examining data/bareos-17.2.7/src/dird/unittests/protos.h
Examining data/bareos-17.2.7/src/dird/unittests/test_dir.c
Examining data/bareos-17.2.7/src/dird/vbackup.c
Examining data/bareos-17.2.7/src/dird/verify.c
Examining data/bareos-17.2.7/src/filed/accurate.c
Examining data/bareos-17.2.7/src/filed/accurate.h
Examining data/bareos-17.2.7/src/filed/accurate_htable.c
Examining data/bareos-17.2.7/src/filed/accurate_lmdb.c
Examining data/bareos-17.2.7/src/filed/authenticate.c
Examining data/bareos-17.2.7/src/filed/backup.c
Examining data/bareos-17.2.7/src/filed/backup.h
Examining data/bareos-17.2.7/src/filed/compression.c
Examining data/bareos-17.2.7/src/filed/crypto.c
Examining data/bareos-17.2.7/src/filed/dir_cmd.c
Examining data/bareos-17.2.7/src/filed/estimate.c
Examining data/bareos-17.2.7/src/filed/fd_plugins.c
Examining data/bareos-17.2.7/src/filed/fd_plugins.h
Examining data/bareos-17.2.7/src/filed/filed.c
Examining data/bareos-17.2.7/src/filed/filed.h
Examining data/bareos-17.2.7/src/filed/filed_conf.c
Examining data/bareos-17.2.7/src/filed/filed_conf.h
Examining data/bareos-17.2.7/src/filed/fileset.c
Examining data/bareos-17.2.7/src/filed/heartbeat.c
Examining data/bareos-17.2.7/src/filed/protos.h
Examining data/bareos-17.2.7/src/filed/restore.c
Examining data/bareos-17.2.7/src/filed/restore.h
Examining data/bareos-17.2.7/src/filed/sd_cmds.c
Examining data/bareos-17.2.7/src/filed/socket_server.c
Examining data/bareos-17.2.7/src/filed/status.c
Examining data/bareos-17.2.7/src/filed/verify.c
Examining data/bareos-17.2.7/src/filed/verify_vol.c
Examining data/bareos-17.2.7/src/findlib/acl.c
Examining data/bareos-17.2.7/src/findlib/acl.h
Examining data/bareos-17.2.7/src/findlib/attribs.c
Examining data/bareos-17.2.7/src/findlib/bfile.c
Examining data/bareos-17.2.7/src/findlib/bfile.h
Examining data/bareos-17.2.7/src/findlib/create_file.c
Examining data/bareos-17.2.7/src/findlib/drivetype.c
Examining data/bareos-17.2.7/src/findlib/enable_priv.c
Examining data/bareos-17.2.7/src/findlib/find.c
Examining data/bareos-17.2.7/src/findlib/find.h
Examining data/bareos-17.2.7/src/findlib/find_one.c
Examining data/bareos-17.2.7/src/findlib/fstype.c
Examining data/bareos-17.2.7/src/findlib/hardlink.c
Examining data/bareos-17.2.7/src/findlib/match.c
Examining data/bareos-17.2.7/src/findlib/mkpath.c
Examining data/bareos-17.2.7/src/findlib/protos.h
Examining data/bareos-17.2.7/src/findlib/savecwd.c
Examining data/bareos-17.2.7/src/findlib/savecwd.h
Examining data/bareos-17.2.7/src/findlib/shadowing.c
Examining data/bareos-17.2.7/src/findlib/unittests/drivetype_test.c
Examining data/bareos-17.2.7/src/findlib/unittests/fstype_test.c
Examining data/bareos-17.2.7/src/findlib/unittests/protos.h
Examining data/bareos-17.2.7/src/findlib/unittests/test_findlib.c
Examining data/bareos-17.2.7/src/findlib/xattr.c
Examining data/bareos-17.2.7/src/findlib/xattr.h
Examining data/bareos-17.2.7/src/include/baconfig.h
Examining data/bareos-17.2.7/src/include/bareos.h
Examining data/bareos-17.2.7/src/include/bc_types.h
Examining data/bareos-17.2.7/src/include/ch.h
Examining data/bareos-17.2.7/src/include/fileopts.h
Examining data/bareos-17.2.7/src/include/filetypes.h
Examining data/bareos-17.2.7/src/include/hostconfig.h
Examining data/bareos-17.2.7/src/include/jcr.h
Examining data/bareos-17.2.7/src/include/streams.h
Examining data/bareos-17.2.7/src/include/version.h
Examining data/bareos-17.2.7/src/lib/address_conf.c
Examining data/bareos-17.2.7/src/lib/address_conf.h
Examining data/bareos-17.2.7/src/lib/alist.c
Examining data/bareos-17.2.7/src/lib/alist.h
Examining data/bareos-17.2.7/src/lib/attr.c
Examining data/bareos-17.2.7/src/lib/attr.h
Examining data/bareos-17.2.7/src/lib/attribs.c
Examining data/bareos-17.2.7/src/lib/base64.c
Examining data/bareos-17.2.7/src/lib/base64.h
Examining data/bareos-17.2.7/src/lib/berrno.c
Examining data/bareos-17.2.7/src/lib/berrno.h
Examining data/bareos-17.2.7/src/lib/bget_msg.c
Examining data/bareos-17.2.7/src/lib/binflate.c
Examining data/bareos-17.2.7/src/lib/bits.h
Examining data/bareos-17.2.7/src/lib/bmtio.h
Examining data/bareos-17.2.7/src/lib/bnet.c
Examining data/bareos-17.2.7/src/lib/bnet_server_tcp.c
Examining data/bareos-17.2.7/src/lib/bpipe.c
Examining data/bareos-17.2.7/src/lib/bpipe.h
Examining data/bareos-17.2.7/src/lib/breg.c
Examining data/bareos-17.2.7/src/lib/breg.h
Examining data/bareos-17.2.7/src/lib/bregex.c
Examining data/bareos-17.2.7/src/lib/bregex.h
Examining data/bareos-17.2.7/src/lib/bsnprintf.c
Examining data/bareos-17.2.7/src/lib/bsock.c
Examining data/bareos-17.2.7/src/lib/bsock.h
Examining data/bareos-17.2.7/src/lib/bsock_sctp.c
Examining data/bareos-17.2.7/src/lib/bsock_sctp.h
Examining data/bareos-17.2.7/src/lib/bsock_tcp.c
Examining data/bareos-17.2.7/src/lib/bsock_tcp.h
Examining data/bareos-17.2.7/src/lib/bsock_udt.c
Examining data/bareos-17.2.7/src/lib/bsock_udt.h
Examining data/bareos-17.2.7/src/lib/bsr.h
Examining data/bareos-17.2.7/src/lib/bsys.c
Examining data/bareos-17.2.7/src/lib/btime.c
Examining data/bareos-17.2.7/src/lib/btime.h
Examining data/bareos-17.2.7/src/lib/btimers.c
Examining data/bareos-17.2.7/src/lib/btimers.h
Examining data/bareos-17.2.7/src/lib/cbuf.c
Examining data/bareos-17.2.7/src/lib/cbuf.h
Examining data/bareos-17.2.7/src/lib/compression.c
Examining data/bareos-17.2.7/src/lib/connection_pool.c
Examining data/bareos-17.2.7/src/lib/connection_pool.h
Examining data/bareos-17.2.7/src/lib/cram-md5.c
Examining data/bareos-17.2.7/src/lib/crypto.c
Examining data/bareos-17.2.7/src/lib/crypto.h
Examining data/bareos-17.2.7/src/lib/crypto_cache.c
Examining data/bareos-17.2.7/src/lib/crypto_cache.h
Examining data/bareos-17.2.7/src/lib/crypto_gnutls.c
Examining data/bareos-17.2.7/src/lib/crypto_none.c
Examining data/bareos-17.2.7/src/lib/crypto_nss.c
Examining data/bareos-17.2.7/src/lib/crypto_openssl.c
Examining data/bareos-17.2.7/src/lib/crypto_wrap.c
Examining data/bareos-17.2.7/src/lib/daemon.c
Examining data/bareos-17.2.7/src/lib/devlock.c
Examining data/bareos-17.2.7/src/lib/devlock.h
Examining data/bareos-17.2.7/src/lib/dlist.c
Examining data/bareos-17.2.7/src/lib/dlist.h
Examining data/bareos-17.2.7/src/lib/edit.c
Examining data/bareos-17.2.7/src/lib/fnmatch.c
Examining data/bareos-17.2.7/src/lib/fnmatch.h
Examining data/bareos-17.2.7/src/lib/generic_res.h
Examining data/bareos-17.2.7/src/lib/guid_to_name.c
Examining data/bareos-17.2.7/src/lib/guid_to_name.h
Examining data/bareos-17.2.7/src/lib/hmac.c
Examining data/bareos-17.2.7/src/lib/htable.c
Examining data/bareos-17.2.7/src/lib/htable.h
Examining data/bareos-17.2.7/src/lib/ini.c
Examining data/bareos-17.2.7/src/lib/ini.h
Examining data/bareos-17.2.7/src/lib/jcr.c
Examining data/bareos-17.2.7/src/lib/json.c
Examining data/bareos-17.2.7/src/lib/lex.c
Examining data/bareos-17.2.7/src/lib/lex.h
Examining data/bareos-17.2.7/src/lib/lib.h
Examining data/bareos-17.2.7/src/lib/lockmgr.c
Examining data/bareos-17.2.7/src/lib/lockmgr.h
Examining data/bareos-17.2.7/src/lib/md5.c
Examining data/bareos-17.2.7/src/lib/md5.h
Examining data/bareos-17.2.7/src/lib/mem_pool.c
Examining data/bareos-17.2.7/src/lib/mem_pool.h
Examining data/bareos-17.2.7/src/lib/message.c
Examining data/bareos-17.2.7/src/lib/message.h
Examining data/bareos-17.2.7/src/lib/mntent_cache.c
Examining data/bareos-17.2.7/src/lib/mntent_cache.h
Examining data/bareos-17.2.7/src/lib/msg_res.h
Examining data/bareos-17.2.7/src/lib/mutex_list.h
Examining data/bareos-17.2.7/src/lib/ordered_cbuf.c
Examining data/bareos-17.2.7/src/lib/ordered_cbuf.h
Examining data/bareos-17.2.7/src/lib/output_formatter.c
Examining data/bareos-17.2.7/src/lib/output_formatter.h
Examining data/bareos-17.2.7/src/lib/parse_bsr.c
Examining data/bareos-17.2.7/src/lib/parse_conf.c
Examining data/bareos-17.2.7/src/lib/parse_conf.h
Examining data/bareos-17.2.7/src/lib/passphrase.c
Examining data/bareos-17.2.7/src/lib/path_list.c
Examining data/bareos-17.2.7/src/lib/plugins.c
Examining data/bareos-17.2.7/src/lib/plugins.h
Examining data/bareos-17.2.7/src/lib/poll.c
Examining data/bareos-17.2.7/src/lib/priv.c
Examining data/bareos-17.2.7/src/lib/protos.h
Examining data/bareos-17.2.7/src/lib/queue.c
Examining data/bareos-17.2.7/src/lib/queue.h
Examining data/bareos-17.2.7/src/lib/rblist.c
Examining data/bareos-17.2.7/src/lib/rblist.h
Examining data/bareos-17.2.7/src/lib/res.c
Examining data/bareos-17.2.7/src/lib/runscript.c
Examining data/bareos-17.2.7/src/lib/runscript.h
Examining data/bareos-17.2.7/src/lib/rwlock.c
Examining data/bareos-17.2.7/src/lib/rwlock.h
Examining data/bareos-17.2.7/src/lib/scan.c
Examining data/bareos-17.2.7/src/lib/scsi_crypto.c
Examining data/bareos-17.2.7/src/lib/scsi_crypto.h
Examining data/bareos-17.2.7/src/lib/scsi_lli.c
Examining data/bareos-17.2.7/src/lib/scsi_lli.h
Examining data/bareos-17.2.7/src/lib/scsi_tapealert.c
Examining data/bareos-17.2.7/src/lib/scsi_tapealert.h
Examining data/bareos-17.2.7/src/lib/sellist.c
Examining data/bareos-17.2.7/src/lib/sellist.h
Examining data/bareos-17.2.7/src/lib/serial.c
Examining data/bareos-17.2.7/src/lib/serial.h
Examining data/bareos-17.2.7/src/lib/sha1.c
Examining data/bareos-17.2.7/src/lib/sha1.h
Examining data/bareos-17.2.7/src/lib/signal.c
Examining data/bareos-17.2.7/src/lib/smartall.c
Examining data/bareos-17.2.7/src/lib/smartall.h
Examining data/bareos-17.2.7/src/lib/status.h
Examining data/bareos-17.2.7/src/lib/tcpd.h
Examining data/bareos-17.2.7/src/lib/tls.h
Examining data/bareos-17.2.7/src/lib/tls_gnutls.c
Examining data/bareos-17.2.7/src/lib/tls_none.c
Examining data/bareos-17.2.7/src/lib/tls_nss.c
Examining data/bareos-17.2.7/src/lib/tls_openssl.c
Examining data/bareos-17.2.7/src/lib/tree.c
Examining data/bareos-17.2.7/src/lib/tree.h
Examining data/bareos-17.2.7/src/lib/unittests/alist_test.c
Examining data/bareos-17.2.7/src/lib/unittests/base64_test.c
Examining data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c
Examining data/bareos-17.2.7/src/lib/unittests/devlock_test.c
Examining data/bareos-17.2.7/src/lib/unittests/dlist_test.c
Examining data/bareos-17.2.7/src/lib/unittests/edit_test.c
Examining data/bareos-17.2.7/src/lib/unittests/htable_test.c
Examining data/bareos-17.2.7/src/lib/unittests/ini_test.c
Examining data/bareos-17.2.7/src/lib/unittests/junction_test.c
Examining data/bareos-17.2.7/src/lib/unittests/passphrase_test.c
Examining data/bareos-17.2.7/src/lib/unittests/protos.h
Examining data/bareos-17.2.7/src/lib/unittests/rblist_test.c
Examining data/bareos-17.2.7/src/lib/unittests/rwlock_test.c
Examining data/bareos-17.2.7/src/lib/unittests/scan_test.c
Examining data/bareos-17.2.7/src/lib/unittests/sellist_test.c
Examining data/bareos-17.2.7/src/lib/unittests/test_lib.c
Examining data/bareos-17.2.7/src/lib/unittests/tree_test.c
Examining data/bareos-17.2.7/src/lib/util.c
Examining data/bareos-17.2.7/src/lib/var.c
Examining data/bareos-17.2.7/src/lib/var.h
Examining data/bareos-17.2.7/src/lib/watchdog.c
Examining data/bareos-17.2.7/src/lib/watchdog.h
Examining data/bareos-17.2.7/src/lib/workq.c
Examining data/bareos-17.2.7/src/lib/workq.h
Examining data/bareos-17.2.7/src/lmdb/lmdb.h
Examining data/bareos-17.2.7/src/lmdb/mdb.c
Examining data/bareos-17.2.7/src/lmdb/midl.c
Examining data/bareos-17.2.7/src/lmdb/midl.h
Examining data/bareos-17.2.7/src/ndmp/md5.h
Examining data/bareos-17.2.7/src/ndmp/md5c.c
Examining data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c
Examining data/bareos-17.2.7/src/ndmp/ndma_comm_job.c
Examining data/bareos-17.2.7/src/ndmp/ndma_comm_session.c
Examining data/bareos-17.2.7/src/ndmp/ndma_comm_subr.c
Examining data/bareos-17.2.7/src/ndmp/ndma_control.c
Examining data/bareos-17.2.7/src/ndmp/ndma_cops_backreco.c
Examining data/bareos-17.2.7/src/ndmp/ndma_cops_labels.c
Examining data/bareos-17.2.7/src/ndmp/ndma_cops_query.c
Examining data/bareos-17.2.7/src/ndmp/ndma_cops_robot.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctrl_calls.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctrl_conn.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c
Examining data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c
Examining data/bareos-17.2.7/src/ndmp/ndma_data.c
Examining data/bareos-17.2.7/src/ndmp/ndma_data_fh.c
Examining data/bareos-17.2.7/src/ndmp/ndma_data_pfe.c
Examining data/bareos-17.2.7/src/ndmp/ndma_image_stream.c
Examining data/bareos-17.2.7/src/ndmp/ndma_listmgmt.c
Examining data/bareos-17.2.7/src/ndmp/ndma_noti_calls.c
Examining data/bareos-17.2.7/src/ndmp/ndma_robot.c
Examining data/bareos-17.2.7/src/ndmp/ndma_robot_simulator.c
Examining data/bareos-17.2.7/src/ndmp/ndma_tape.c
Examining data/bareos-17.2.7/src/ndmp/ndma_tape_simulator.c
Examining data/bareos-17.2.7/src/ndmp/ndmagents.h
Examining data/bareos-17.2.7/src/ndmp/ndmjob.h
Examining data/bareos-17.2.7/src/ndmp/ndmjob_args.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_job.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_main.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_rules.c
Examining data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c
Examining data/bareos-17.2.7/src/ndmp/ndmjr_none.c
Examining data/bareos-17.2.7/src/ndmp/ndmjr_none.h
Examining data/bareos-17.2.7/src/ndmp/ndml_agent.c
Examining data/bareos-17.2.7/src/ndmp/ndml_bstf.c
Examining data/bareos-17.2.7/src/ndmp/ndml_chan.c
Examining data/bareos-17.2.7/src/ndmp/ndml_config.c
Examining data/bareos-17.2.7/src/ndmp/ndml_conn.c
Examining data/bareos-17.2.7/src/ndmp/ndml_cstr.c
Examining data/bareos-17.2.7/src/ndmp/ndml_fhdb.c
Examining data/bareos-17.2.7/src/ndmp/ndml_fhh.c
Examining data/bareos-17.2.7/src/ndmp/ndml_log.c
Examining data/bareos-17.2.7/src/ndmp/ndml_md5.c
Examining data/bareos-17.2.7/src/ndmp/ndml_media.c
Examining data/bareos-17.2.7/src/ndmp/ndml_nmb.c
Examining data/bareos-17.2.7/src/ndmp/ndml_scsi.c
Examining data/bareos-17.2.7/src/ndmp/ndml_stzf.c
Examining data/bareos-17.2.7/src/ndmp/ndml_util.c
Examining data/bareos-17.2.7/src/ndmp/ndmlib.h
Examining data/bareos-17.2.7/src/ndmp/ndmos.c
Examining data/bareos-17.2.7/src/ndmp/ndmos.h
Examining data/bareos-17.2.7/src/ndmp/ndmos_common.c
Examining data/bareos-17.2.7/src/ndmp/ndmos_freebsd.c
Examining data/bareos-17.2.7/src/ndmp/ndmos_freebsd.h
Examining data/bareos-17.2.7/src/ndmp/ndmos_linux.c
Examining data/bareos-17.2.7/src/ndmp/ndmos_linux.h
Examining data/bareos-17.2.7/src/ndmp/ndmos_solaris.c
Examining data/bareos-17.2.7/src/ndmp/ndmos_solaris.h
Examining data/bareos-17.2.7/src/ndmp/ndmp0_enum_strs.c
Examining data/bareos-17.2.7/src/ndmp/ndmp0_enum_strs.h
Examining data/bareos-17.2.7/src/ndmp/ndmp0_pp.c
Examining data/bareos-17.2.7/src/ndmp/ndmp0_xmt.c
Examining data/bareos-17.2.7/src/ndmp/ndmp2_enum_strs.c
Examining data/bareos-17.2.7/src/ndmp/ndmp2_enum_strs.h
Examining data/bareos-17.2.7/src/ndmp/ndmp2_pp.c
Examining data/bareos-17.2.7/src/ndmp/ndmp2_translate.c
Examining data/bareos-17.2.7/src/ndmp/ndmp2_translate.h
Examining data/bareos-17.2.7/src/ndmp/ndmp2_xmt.c
Examining data/bareos-17.2.7/src/ndmp/ndmp3_enum_strs.c
Examining data/bareos-17.2.7/src/ndmp/ndmp3_enum_strs.h
Examining data/bareos-17.2.7/src/ndmp/ndmp3_pp.c
Examining data/bareos-17.2.7/src/ndmp/ndmp3_translate.c
Examining data/bareos-17.2.7/src/ndmp/ndmp3_translate.h
Examining data/bareos-17.2.7/src/ndmp/ndmp3_xmt.c
Examining data/bareos-17.2.7/src/ndmp/ndmp4_enum_strs.c
Examining data/bareos-17.2.7/src/ndmp/ndmp4_enum_strs.h
Examining data/bareos-17.2.7/src/ndmp/ndmp4_pp.c
Examining data/bareos-17.2.7/src/ndmp/ndmp4_translate.c
Examining data/bareos-17.2.7/src/ndmp/ndmp4_translate.h
Examining data/bareos-17.2.7/src/ndmp/ndmp4_xmt.c
Examining data/bareos-17.2.7/src/ndmp/ndmp9_enum_strs.c
Examining data/bareos-17.2.7/src/ndmp/ndmp9_enum_strs.h
Examining data/bareos-17.2.7/src/ndmp/ndmp9_xmt.c
Examining data/bareos-17.2.7/src/ndmp/ndmp_ammend.h
Examining data/bareos-17.2.7/src/ndmp/ndmp_msg_buf.h
Examining data/bareos-17.2.7/src/ndmp/ndmp_translate.c
Examining data/bareos-17.2.7/src/ndmp/ndmp_translate.h
Examining data/bareos-17.2.7/src/ndmp/ndmprotocol.c
Examining data/bareos-17.2.7/src/ndmp/ndmprotocol.h
Examining data/bareos-17.2.7/src/ndmp/scsiconst.h
Examining data/bareos-17.2.7/src/ndmp/smc.h
Examining data/bareos-17.2.7/src/ndmp/smc_api.c
Examining data/bareos-17.2.7/src/ndmp/smc_parse.c
Examining data/bareos-17.2.7/src/ndmp/smc_pp.c
Examining data/bareos-17.2.7/src/ndmp/smc_priv.h
Examining data/bareos-17.2.7/src/ndmp/smc_raw.h
Examining data/bareos-17.2.7/src/ndmp/wraplib.c
Examining data/bareos-17.2.7/src/ndmp/wraplib.h
Examining data/bareos-17.2.7/src/plugins/dird/example-plugin-dir.c
Examining data/bareos-17.2.7/src/plugins/dird/python-dir.c
Examining data/bareos-17.2.7/src/plugins/dird/python-dir.h
Examining data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/example-plugin-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/fd_common.h
Examining data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/python-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/python-fd.h
Examining data/bareos-17.2.7/src/plugins/filed/rados-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/test-deltaseq-fd.c
Examining data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c
Examining data/bareos-17.2.7/src/plugins/stored/autoxflate-sd.c
Examining data/bareos-17.2.7/src/plugins/stored/example-plugin-sd.c
Examining data/bareos-17.2.7/src/plugins/stored/python-sd.c
Examining data/bareos-17.2.7/src/plugins/stored/python-sd.h
Examining data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c
Examining data/bareos-17.2.7/src/plugins/stored/scsitapealert-sd.c
Examining data/bareos-17.2.7/src/qt-tray-monitor/authenticate.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/authenticate.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/mainwindow.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/mainwindow.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/monitoritem.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/monitoritem.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/monitoritemthread.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/monitoritemthread.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/monitortab.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/systemtrayicon.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/systemtrayicon.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/tray-monitor.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/tray-monitor.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/tray_conf.cpp
Examining data/bareos-17.2.7/src/qt-tray-monitor/tray_conf.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/traymenu.h
Examining data/bareos-17.2.7/src/qt-tray-monitor/traymenu.cpp
Examining data/bareos-17.2.7/src/stored/acquire.c
Examining data/bareos-17.2.7/src/stored/ansi_label.c
Examining data/bareos-17.2.7/src/stored/append.c
Examining data/bareos-17.2.7/src/stored/askdir.c
Examining data/bareos-17.2.7/src/stored/authenticate.c
Examining data/bareos-17.2.7/src/stored/autochanger.c
Examining data/bareos-17.2.7/src/stored/backends/cephfs_device.c
Examining data/bareos-17.2.7/src/stored/backends/cephfs_device.h
Examining data/bareos-17.2.7/src/stored/backends/chunked_device.c
Examining data/bareos-17.2.7/src/stored/backends/chunked_device.h
Examining data/bareos-17.2.7/src/stored/backends/droplet_device.c
Examining data/bareos-17.2.7/src/stored/backends/droplet_device.h
Examining data/bareos-17.2.7/src/stored/backends/elasto_device.c
Examining data/bareos-17.2.7/src/stored/backends/elasto_device.h
Examining data/bareos-17.2.7/src/stored/backends/generic_tape_device.c
Examining data/bareos-17.2.7/src/stored/backends/generic_tape_device.h
Examining data/bareos-17.2.7/src/stored/backends/gfapi_device.h
Examining data/bareos-17.2.7/src/stored/backends/rados_device.c
Examining data/bareos-17.2.7/src/stored/backends/rados_device.h
Examining data/bareos-17.2.7/src/stored/backends/unix_fifo_device.c
Examining data/bareos-17.2.7/src/stored/backends/unix_fifo_device.h
Examining data/bareos-17.2.7/src/stored/backends/unix_file_device.c
Examining data/bareos-17.2.7/src/stored/backends/unix_file_device.h
Examining data/bareos-17.2.7/src/stored/backends/unix_tape_device.c
Examining data/bareos-17.2.7/src/stored/backends/unix_tape_device.h
Examining data/bareos-17.2.7/src/stored/backends/gfapi_device.c
Examining data/bareos-17.2.7/src/stored/bcopy.c
Examining data/bareos-17.2.7/src/stored/bextract.c
Examining data/bareos-17.2.7/src/stored/block.c
Examining data/bareos-17.2.7/src/stored/block.h
Examining data/bareos-17.2.7/src/stored/bls.c
Examining data/bareos-17.2.7/src/stored/bscan.c
Examining data/bareos-17.2.7/src/stored/bsr.c
Examining data/bareos-17.2.7/src/stored/btape.c
Examining data/bareos-17.2.7/src/stored/butil.c
Examining data/bareos-17.2.7/src/stored/crc32.c
Examining data/bareos-17.2.7/src/stored/dev.c
Examining data/bareos-17.2.7/src/stored/dev.h
Examining data/bareos-17.2.7/src/stored/device.c
Examining data/bareos-17.2.7/src/stored/dir_cmd.c
Examining data/bareos-17.2.7/src/stored/ebcdic.c
Examining data/bareos-17.2.7/src/stored/fd_cmds.c
Examining data/bareos-17.2.7/src/stored/job.c
Examining data/bareos-17.2.7/src/stored/label.c
Examining data/bareos-17.2.7/src/stored/lock.c
Examining data/bareos-17.2.7/src/stored/lock.h
Examining data/bareos-17.2.7/src/stored/mac.c
Examining data/bareos-17.2.7/src/stored/mount.c
Examining data/bareos-17.2.7/src/stored/ndmp_tape.c
Examining data/bareos-17.2.7/src/stored/protos.h
Examining data/bareos-17.2.7/src/stored/read.c
Examining data/bareos-17.2.7/src/stored/read_record.c
Examining data/bareos-17.2.7/src/stored/record.c
Examining data/bareos-17.2.7/src/stored/record.h
Examining data/bareos-17.2.7/src/stored/reserve.c
Examining data/bareos-17.2.7/src/stored/reserve.h
Examining data/bareos-17.2.7/src/stored/scan.c
Examining data/bareos-17.2.7/src/stored/sd_backends.c
Examining data/bareos-17.2.7/src/stored/sd_backends.h
Examining data/bareos-17.2.7/src/stored/sd_cmds.c
Examining data/bareos-17.2.7/src/stored/sd_plugins.c
Examining data/bareos-17.2.7/src/stored/sd_plugins.h
Examining data/bareos-17.2.7/src/stored/sd_stats.c
Examining data/bareos-17.2.7/src/stored/socket_server.c
Examining data/bareos-17.2.7/src/stored/spool.c
Examining data/bareos-17.2.7/src/stored/status.c
Examining data/bareos-17.2.7/src/stored/stored.c
Examining data/bareos-17.2.7/src/stored/stored.h
Examining data/bareos-17.2.7/src/stored/stored_conf.c
Examining data/bareos-17.2.7/src/stored/stored_conf.h
Examining data/bareos-17.2.7/src/stored/vol_mgr.c
Examining data/bareos-17.2.7/src/stored/vol_mgr.h
Examining data/bareos-17.2.7/src/stored/wait.c
Examining data/bareos-17.2.7/src/tests/bbatch.c
Examining data/bareos-17.2.7/src/tests/bregtest.c
Examining data/bareos-17.2.7/src/tests/cats_test.c
Examining data/bareos-17.2.7/src/tests/gigaslam.c
Examining data/bareos-17.2.7/src/tests/grow.c
Examining data/bareos-17.2.7/src/tests/ing_test.c
Examining data/bareos-17.2.7/src/tests/testls.c
Examining data/bareos-17.2.7/src/tools/assert_macro.h
Examining data/bareos-17.2.7/src/tools/bpluginfo.c
Examining data/bareos-17.2.7/src/tools/bregex.c
Examining data/bareos-17.2.7/src/tools/bscrypto.c
Examining data/bareos-17.2.7/src/tools/bsmtp.c
Examining data/bareos-17.2.7/src/tools/bwild.c
Examining data/bareos-17.2.7/src/tools/drivetype.c
Examining data/bareos-17.2.7/src/tools/fstype.c
Examining data/bareos-17.2.7/src/tools/smtp-orig.c
Examining data/bareos-17.2.7/src/tools/timelimit.c
Examining data/bareos-17.2.7/src/win32/compat/compat.c
Examining data/bareos-17.2.7/src/win32/compat/glob.c
Examining data/bareos-17.2.7/src/win32/compat/include/alloca.h
Examining data/bareos-17.2.7/src/win32/compat/include/arpa/inet.h
Examining data/bareos-17.2.7/src/win32/compat/include/compat.h
Examining data/bareos-17.2.7/src/win32/compat/include/dirent.h
Examining data/bareos-17.2.7/src/win32/compat/include/dlfcn.h
Examining data/bareos-17.2.7/src/win32/compat/include/getopt.h
Examining data/bareos-17.2.7/src/win32/compat/include/glob.h
Examining data/bareos-17.2.7/src/win32/compat/include/grp.h
Examining data/bareos-17.2.7/src/win32/compat/include/mingwconfig.h
Examining data/bareos-17.2.7/src/win32/compat/include/ms_atl.h
Examining data/bareos-17.2.7/src/win32/compat/include/mswinver.h
Examining data/bareos-17.2.7/src/win32/compat/include/netdb.h
Examining data/bareos-17.2.7/src/win32/compat/include/netinet/in.h
Examining data/bareos-17.2.7/src/win32/compat/include/netinet/tcp.h
Examining data/bareos-17.2.7/src/win32/compat/include/pwd.h
Examining data/bareos-17.2.7/src/win32/compat/include/stdint.h
Examining data/bareos-17.2.7/src/win32/compat/include/strings.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/file.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/ioctl.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/mtio.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/socket.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/stat.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/time.h
Examining data/bareos-17.2.7/src/win32/compat/include/sys/wait.h
Examining data/bareos-17.2.7/src/win32/compat/include/syslog.h
Examining data/bareos-17.2.7/src/win32/compat/include/unistd.h
Examining data/bareos-17.2.7/src/win32/compat/include/winhost.h
Examining data/bareos-17.2.7/src/win32/compat/include/winsock.h
Examining data/bareos-17.2.7/src/win32/compat/print.c
Examining data/bareos-17.2.7/src/win32/compat/winapi.c
Examining data/bareos-17.2.7/src/win32/dird/who.h
Examining data/bareos-17.2.7/src/win32/filed/vss.c
Examining data/bareos-17.2.7/src/win32/filed/vss_Vista.c
Examining data/bareos-17.2.7/src/win32/filed/vss_W2K3.c
Examining data/bareos-17.2.7/src/win32/filed/vss_XP.c
Examining data/bareos-17.2.7/src/win32/filed/vss_generic.c
Examining data/bareos-17.2.7/src/win32/filed/who.h
Examining data/bareos-17.2.7/src/win32/findlib/win32.c
Examining data/bareos-17.2.7/src/win32/generic/main.c
Examining data/bareos-17.2.7/src/win32/generic/protos.h
Examining data/bareos-17.2.7/src/win32/generic/res.h
Examining data/bareos-17.2.7/src/win32/generic/service.c
Examining data/bareos-17.2.7/src/win32/generic/win32.h
Examining data/bareos-17.2.7/src/win32/include/vss.h
Examining data/bareos-17.2.7/src/win32/include/winapi.h
Examining data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_fifo_device.c
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_fifo_device.h
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.h
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_tape_device.c
Examining data/bareos-17.2.7/src/win32/stored/backends/win32_tape_device.h
Examining data/bareos-17.2.7/src/win32/stored/who.h
FINAL RESULTS:
data/bareos-17.2.7/src/findlib/attribs.c:54:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define lchown chown
data/bareos-17.2.7/src/findlib/attribs.c:61:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define lchmod chmod
data/bareos-17.2.7/src/findlib/find_one.c:534:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink(fname, buffer, path_max + name_max + 101);
data/bareos-17.2.7/src/findlib/mkpath.c:46:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define lchown chown
data/bareos-17.2.7/src/findlib/mkpath.c:53:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define lchmod chmod
data/bareos-17.2.7/src/findlib/xattr.c:2955:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if (readlink(attrname, link_source, sizeof(link_source)) < 0) {
data/bareos-17.2.7/src/lmdb/mdb.c:4932:4: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
SetSecurityDescriptorDacl(&mdb_null_sd, TRUE, 0, FALSE);
data/bareos-17.2.7/src/lmdb/mdb.c:4932:4: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
SetSecurityDescriptorDacl(&mdb_null_sd, TRUE, 0, FALSE);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:306:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
rc = readlink (pos_symlink_name, pos_buf, sizeof pos_buf);
data/bareos-17.2.7/src/stored/backends/unix_file_device.c:297:4: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(archive_name.c_str(), st.st_uid, st.st_gid);
data/bareos-17.2.7/src/win32/compat/compat.c:920:5: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int chown(const char *k, uid_t, gid_t)
data/bareos-17.2.7/src/win32/compat/compat.c:2050:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t readlink(const char *path, char *buf, size_t bufsiz)
data/bareos-17.2.7/src/win32/compat/include/compat.h:244:5: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int chown(const char *, uid_t uid, gid_t gid);
data/bareos-17.2.7/src/win32/compat/include/compat.h:288:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t readlink(const char *path, char *buf, size_t bufsiz);
data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c:288:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(archive_name.c_str(), st.st_uid, st.st_gid);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:584:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, prompt);
data/bareos-17.2.7/src/cats/bvfs.c:856:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat("%");
data/bareos-17.2.7/src/cats/bvfs.c:863:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bareos-17.2.7/src/cats/bvfs.c:871:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bareos-17.2.7/src/cats/bvfs.c:874:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bareos-17.2.7/src/cats/bvfs.c:885:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bareos-17.2.7/src/cats/bvfs.c:898:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(" UNION ");
data/bareos-17.2.7/src/cats/bvfs.c:901:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(") UNION ");
data/bareos-17.2.7/src/cats/bvfs.c:902:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bareos-17.2.7/src/cats/bvfs.c:912:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(tmp2.c_str());
data/bareos-17.2.7/src/cats/bvfs.c:917:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
tmp.strcat(") ");
data/bareos-17.2.7/src/cats/bvfs.c:918:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
query.strcat(tmp.c_str());
data/bareos-17.2.7/src/cats/dbi.c:263:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_db_dir, working_directory);
data/bareos-17.2.7/src/cats/dbi.c:267:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_db_name, m_db_name);
data/bareos-17.2.7/src/cats/sql.c:900:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
value.strcat("\n");
data/bareos-17.2.7/src/cats/sqlite.c:176:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(db_path, working_directory);
data/bareos-17.2.7/src/cats/sqlite.c:178:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(db_path, m_db_name);
data/bareos-17.2.7/src/console/console.c:114:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/console/console.c:373:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass(prompt);
data/bareos-17.2.7/src/console/console.c:598:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, name);
data/bareos-17.2.7/src/dird/authenticate.c:174:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(fd->msg, FDOKnewHello, &jcr->FDVersion) != 1) {
data/bareos-17.2.7/src/dird/backup.c:717:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(fd->msg, EndJob, &jcr->FDJobStatus, &JobFiles,
data/bareos-17.2.7/src/dird/bsr.c:102:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
pool_buf->strcat(item.c_str());
data/bareos-17.2.7/src/dird/catreq.c:141:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Find_media, &Job, &index, &pool_name, &mr.MediaType, unwanted_volumes.c_str()) == 5) {
data/bareos-17.2.7/src/dird/catreq.c:163:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(bs->msg, Get_Vol_Info, &Job, &mr.VolumeName, &writing) == 3) {
data/bareos-17.2.7/src/dird/catreq.c:218:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(bs->msg, Update_media, &Job, &sdmr.VolumeName,
data/bareos-17.2.7/src/dird/catreq.c:340:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(bs->msg, Create_job_media, &Job,
data/bareos-17.2.7/src/dird/dird.c:174:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/dird/dird_conf.c:1003:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
key.strcat(item->name);
data/bareos-17.2.7/src/dird/dird_conf.c:1052:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
configure_usage_string->strcat("add ");
data/bareos-17.2.7/src/dird/dird_conf.c:1053:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
resourcename.strcpy(resources[r].name);
data/bareos-17.2.7/src/dird/dird_conf.c:1055:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
configure_usage_string->strcat(resourcename);
data/bareos-17.2.7/src/dird/dird_conf.c:1057:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
configure_usage_string->strcat(" |\n");
data/bareos-17.2.7/src/dird/dird_conf.c:1063:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
configure_usage_string->strcat("export client=<client>");
data/bareos-17.2.7/src/dird/fd_cmds.c:295:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(fd->msg, OKgetSecureEraseCmd, jcr->FDSecureEraseCmd) == 1) {
data/bareos-17.2.7/src/dird/fd_cmds.c:956:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((len = sscanf(fd->msg, "%ld %d %s", &file_index, &stream, Digest.c_str())) != 3) {
data/bareos-17.2.7/src/dird/getmsg.c:291:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Job_status, &Job, &JobStatus) == 2) {
data/bareos-17.2.7/src/dird/getmsg.c:309:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(bs->msg, Device_update,
data/bareos-17.2.7/src/dird/inc_conf.c:144:40: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
compressalgos->strcat(",");
data/bareos-17.2.7/src/dird/inc_conf.c:146:40: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
compressalgos->strcat(" (");
data/bareos-17.2.7/src/dird/inc_conf.c:148:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
compressalgos->strcat(fs_opt->name);
data/bareos-17.2.7/src/dird/inc_conf.c:163:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
compressalgos->strcat(")");
data/bareos-17.2.7/src/dird/msgchan.c:228:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_job, &jcr->VolSessionId,
data/bareos-17.2.7/src/dird/msgchan.c:302:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(sd->msg, OK_device, device_name.c_str()) == 1;
data/bareos-17.2.7/src/dird/msgchan.c:340:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(sd->msg, OK_device, device_name.c_str()) == 1;
data/bareos-17.2.7/src/dird/msgchan.c:440:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_nextrun, &auth_key) == 1) {
data/bareos-17.2.7/src/dird/msgchan.c:452:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, Job_start, Job) == 1) {
data/bareos-17.2.7/src/dird/msgchan.c:459:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, Job_end, Job, &JobStatus, &JobFiles,
data/bareos-17.2.7/src/dird/sd_cmds.c:204:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, readlabelresponse, VolName, &rtn_slot) == 2) {
data/bareos-17.2.7/src/dird/sd_cmds.c:546:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, changerslotsresponse, &slots) == 1) {
data/bareos-17.2.7/src/dird/sd_cmds.c:580:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, changerdrivesresponse, &drives) == 1) {
data/bareos-17.2.7/src/dird/sd_cmds.c:891:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OKSecureEraseCmd, jcr->SDSecureEraseCmd) == 1) {
data/bareos-17.2.7/src/dird/socket_server.c:92:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((sscanf(bs->msg, hello_client_with_version, name, &fd_protocol_version) == 2) ||
data/bareos-17.2.7/src/dird/socket_server.c:93:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
(sscanf(bs->msg, hello_client, name) == 1)) {
data/bareos-17.2.7/src/dird/stats.c:256:23: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, DevStats, &dsr.SampleTime, DevName.c_str(), &dsr.ReadBytes,
data/bareos-17.2.7/src/dird/stats.c:283:23: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, TapeAlerts, &tsr.SampleTime, DevName.c_str(), &tsr.AlertFlags) == 3) {
data/bareos-17.2.7/src/dird/stats.c:304:23: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, JobStats, &jsr.SampleTime, &jsr.JobId, &jsr.JobFiles, &jsr.JobBytes, DevName.c_str()) == 5) {
data/bareos-17.2.7/src/dird/ua_cmds.c:1937:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
volumes.strcat(tmp.c_str());
data/bareos-17.2.7/src/dird/ua_configure.c:136:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat(temp);
data/bareos-17.2.7/src/dird/ua_configure.c:144:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat(res_table->name);
data/bareos-17.2.7/src/dird/ua_configure.c:145:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat(" {\n");
data/bareos-17.2.7/src/dird/ua_configure.c:153:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resourcename.strcat(ua->argv[first_parameter - 1]);
data/bareos-17.2.7/src/dird/ua_configure.c:165:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resourcename.strcat(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_configure.c:171:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat("}\n");
data/bareos-17.2.7/src/dird/ua_configure.c:193:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat("Director {\n");
data/bareos-17.2.7/src/dird/ua_configure.c:208:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resource.strcat("}\n");
data/bareos-17.2.7/src/dird/ua_configure.c:243:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
filename_tmp.strcpy(temp);
data/bareos-17.2.7/src/dird/ua_configure.c:300:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
filename_tmp.strcpy(temp);
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1565:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
devices.strcpy(device->name());
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1568:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
devices.strcat(",");
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1569:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
devices.strcat(device->name());
data/bareos-17.2.7/src/dird/ua_output.c:1078:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
selection.strcpy("");
data/bareos-17.2.7/src/dird/ua_output.c:1137:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
selection.strcpy(default_selection);
data/bareos-17.2.7/src/dird/ua_output.c:1149:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
selection.strcpy("");
data/bareos-17.2.7/src/dird/ua_output.c:1191:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
selection.strcpy(default_selection);
data/bareos-17.2.7/src/dird/ua_output.c:1540:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ua->UA_sock->msg, msg);
data/bareos-17.2.7/src/dird/ua_output.c:1894:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
message.strcat(usage);
data/bareos-17.2.7/src/dird/ua_status.c:348:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
dbdrivers.strcat(" ");
data/bareos-17.2.7/src/dird/ua_status.c:350:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
dbdrivers.strcat(catalog->db_driver);
data/bareos-17.2.7/src/filed/authenticate.c:105:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "Hello Director %s calling", dirname.check_size(dir->msglen)) != 1) {
data/bareos-17.2.7/src/filed/backup.c:1561:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff_pkt->fname, ff_pkt->fname_save);
data/bareos-17.2.7/src/filed/backup.c:1565:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ff_pkt->link, ff_pkt->link_save);
data/bareos-17.2.7/src/filed/dir_cmd.c:649:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
number = sscanf(string, OKversion, &name, &version, &day, &month, &year);
data/bareos-17.2.7/src/filed/dir_cmd.c:794:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(dir->msg, resolvecmd, &hostname);
data/bareos-17.2.7/src/filed/dir_cmd.c:868:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, setauthorizationcmd, sd_auth_key.c_str()) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:890:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, setbandwidthcmd, &bw, Job) != 2 || bw < 0) {
data/bareos-17.2.7/src/filed/dir_cmd.c:926:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scan = sscanf(dir->msg, setdebugv2cmd, &level, &trace_flag, &hangup_flag, ×tamp_flag);
data/bareos-17.2.7/src/filed/dir_cmd.c:928:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scan = sscanf(dir->msg, setdebugv1cmd, &level, &trace_flag, &hangup_flag);
data/bareos-17.2.7/src/filed/dir_cmd.c:931:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scan = sscanf(dir->msg, setdebugv0cmd, &level, &trace_flag);
data/bareos-17.2.7/src/filed/dir_cmd.c:976:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, estimatecmd, &jcr->listing) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1002:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, jobcmd, &jcr->JobId, jcr->Job,
data/bareos-17.2.7/src/filed/dir_cmd.c:1043:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runbeforecmd, cmd) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1106:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runaftercmd, cmd) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1155:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, runscriptcmd, &on_success, &on_failure,
data/bareos-17.2.7/src/filed/dir_cmd.c:1188:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, pluginoptionscmd, msg) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1228:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restoreobjcmd, &rop.JobId, &rop.object_len,
data/bareos-17.2.7/src/filed/dir_cmd.c:1236:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restoreobjcmd1, &rop.JobId, &rop.object_len,
data/bareos-17.2.7/src/filed/dir_cmd.c:1482:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = %s ", level) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1517:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = since_utime %s mtime_only=%d prev_job=%127s",
data/bareos-17.2.7/src/filed/dir_cmd.c:1519:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "level = since_utime %s mtime_only=%d",
data/bareos-17.2.7/src/filed/dir_cmd.c:1536:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dir->msg, "btime %s", buf) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:1607:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, sessioncmd, jcr->VolumeName,
data/bareos-17.2.7/src/filed/dir_cmd.c:1670:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, storaddrv1cmd, stored_addr, &stored_port,
data/bareos-17.2.7/src/filed/dir_cmd.c:1672:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, storaddrv0cmd, stored_addr,
data/bareos-17.2.7/src/filed/dir_cmd.c:1998:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_open, &jcr->Ticket) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2139:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_close, &SDJobStatus) == 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2187:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, verifycmd, level) != 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2343:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restorecmd, &replace, &prefix_links, args) != 3) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2344:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restorecmdR, &replace, &prefix_links, args) != 3){
data/bareos-17.2.7/src/filed/dir_cmd.c:2345:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, restorecmd1, &replace, &prefix_links) != 2) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2544:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_open, &jcr->Ticket) != 1) {
data/bareos-17.2.7/src/filed/filed.c:57:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/filed/restore.c:489:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
data/bareos-17.2.7/src/filed/status.c:483:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, qstatus, cmd) != 1) {
data/bareos-17.2.7/src/filed/verify_vol.c:91:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
data/bareos-17.2.7/src/findlib/match.c:379:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inc->fname, rp);
data/bareos-17.2.7/src/findlib/match.c:444:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exc->fname, fname);
data/bareos-17.2.7/src/include/baconfig.h:584:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf bsscanf
data/bareos-17.2.7/src/include/baconfig.h:587:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define bstrdup(str) strcpy((char *)b_malloc(__FILE__,__LINE__, strlen((str))+1), (str))
data/bareos-17.2.7/src/include/baconfig.h:589:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define bstrdup(str) strcpy((char *)bmalloc(strlen((str))+1),(str))
data/bareos-17.2.7/src/lib/attr.c:146:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, p+1);
data/bareos-17.2.7/src/lib/attr.c:253:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat("---------- - - - - ---------- --------");
data/bareos-17.2.7/src/lib/attr.c:269:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(buf);
data/bareos-17.2.7/src/lib/attr.c:275:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(attr->ofname);
data/bareos-17.2.7/src/lib/attr.c:277:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(" -> ");
data/bareos-17.2.7/src/lib/attr.c:278:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(attr->olname);
data/bareos-17.2.7/src/lib/attr.c:287:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat("\n");
data/bareos-17.2.7/src/lib/attr.c:297:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(" ");
data/bareos-17.2.7/src/lib/attr.c:299:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat("\n");
data/bareos-17.2.7/src/lib/bpipe.c:149:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(bargv[0], bargv); /* call the program */
data/bareos-17.2.7/src/lib/breg.c:244:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result,fname);
data/bareos-17.2.7/src/lib/breg.c:324:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + i, fname + pmatch[0].rm_eo);
data/bareos-17.2.7/src/lib/bsys.c:471:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(str, size, format, ap);
data/bareos-17.2.7/src/lib/bsys.c:481:10: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(buf, format, ap);
data/bareos-17.2.7/src/lib/bsys.c:525:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->d_name, ndir->d_name);
data/bareos-17.2.7/src/lib/bsys.c:1024:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
directory.strcpy(path);
data/bareos-17.2.7/src/lib/bsys.c:1269:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret_buffer[i], linebuffer);
data/bareos-17.2.7/src/lib/bsys.c:1276:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(ret[i], ret_buffer[i]);
data/bareos-17.2.7/src/lib/cram-md5.c:125:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(bs->msg, "auth cram-md5c %s ssl=%d", chal.c_str(), tls_remote_need) == 2) {
data/bareos-17.2.7/src/lib/cram-md5.c:127:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
} else if (sscanf(bs->msg, "auth cram-md5 %s ssl=%d", chal.c_str(), tls_remote_need) != 2) {
data/bareos-17.2.7/src/lib/cram-md5.c:128:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(bs->msg, "auth cram-md5 %s\n", chal.c_str()) != 1) {
data/bareos-17.2.7/src/lib/edit.c:658:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, val);
data/bareos-17.2.7/src/lib/lockmgr.c:1089:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ret = system(buf);
data/bareos-17.2.7/src/lib/mem_pool.c:689:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int POOL_MEM::strcat(POOL_MEM &str)
data/bareos-17.2.7/src/lib/mem_pool.c:691:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
return strcat(str.c_str());
data/bareos-17.2.7/src/lib/mem_pool.c:694:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int POOL_MEM::strcat(const char *str)
data/bareos-17.2.7/src/lib/mem_pool.c:707:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int POOL_MEM::strcpy(POOL_MEM &str)
data/bareos-17.2.7/src/lib/mem_pool.c:709:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(str.c_str());
data/bareos-17.2.7/src/lib/mem_pool.c:712:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int POOL_MEM::strcpy(const char *str)
data/bareos-17.2.7/src/lib/mem_pool.h:94:74: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
POOL_MEM(const char *str) { mem = get_pool_memory(PM_NAME); *mem = 0; strcpy(str); }
data/bareos-17.2.7/src/lib/mem_pool.h:105:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int strcpy(POOL_MEM &str);
data/bareos-17.2.7/src/lib/mem_pool.h:106:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
int strcpy(const char *str);
data/bareos-17.2.7/src/lib/mem_pool.h:107:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int strcat(POOL_MEM &str);
data/bareos-17.2.7/src/lib/mem_pool.h:108:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
int strcat(const char *str);
data/bareos-17.2.7/src/lib/message.c:228:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exename, l);
data/bareos-17.2.7/src/lib/message.c:242:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exepath, cpath);
data/bareos-17.2.7/src/lib/message.c:1855:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->msg, buf.c_str());
data/bareos-17.2.7/src/lib/output_formatter.c:231:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:262:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:270:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:301:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:305:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:339:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:343:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result_message_plain->strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:427:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
string.strcpy(rewrap_string);
data/bareos-17.2.7/src/lib/output_formatter.c:630:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("Message: ");
data/bareos-17.2.7/src/lib/output_formatter.c:631:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat(result_message_plain->c_str());
data/bareos-17.2.7/src/lib/output_formatter.c:632:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("\n");
data/bareos-17.2.7/src/lib/output_formatter.c:634:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("Maybe result message to long?\n");
data/bareos-17.2.7/src/lib/output_formatter.c:638:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
result_message_plain->strcpy("");
data/bareos-17.2.7/src/lib/output_formatter.c:880:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("Message: ");
data/bareos-17.2.7/src/lib/output_formatter.c:881:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat(string);
data/bareos-17.2.7/src/lib/output_formatter.c:882:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("\n");
data/bareos-17.2.7/src/lib/output_formatter.c:884:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
error_msg.strcat("Maybe result message to long?\n");
data/bareos-17.2.7/src/lib/parse_conf.c:79:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, arg_ptr);
data/bareos-17.2.7/src/lib/parse_conf.c:481:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
full_path.strcpy(config_dir);
data/bareos-17.2.7/src/lib/parse_conf.c:503:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
full_path.strcpy(config_dir);
data/bareos-17.2.7/src/lib/parse_conf.c:536:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
config_path_file.strcpy(full_path);
data/bareos-17.2.7/src/lib/parse_conf.c:552:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
config_path_file.strcpy(full_path);
data/bareos-17.2.7/src/lib/parse_conf.c:562:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
full_path.strcpy(m_cf);
data/bareos-17.2.7/src/lib/parse_conf.c:905:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
resourcetype_lowercase.strcpy("*");
data/bareos-17.2.7/src/lib/parse_conf.c:919:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
path.strcpy(m_config_dir);
data/bareos-17.2.7/src/lib/signal.c:114:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf1);
data/bareos-17.2.7/src/lib/signal.c:183:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(exepath, exename);
data/bareos-17.2.7/src/lib/signal.c:221:14: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execv(btpath, argv) != 0) {
data/bareos-17.2.7/src/lib/signal.c:275:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/bareos-17.2.7/src/lib/tree.c:349:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->fname, fname);
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:154:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf2, fp_fmt[x], fp_nums[y]);
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:162:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, int_fmt[x], int_nums[y]);
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:172:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, ll_fmt[x], ll_nums[y]);
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:183:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, s_fmt[x], s_nums[y]);
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:194:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pcount = sprintf(buf2, ls_fmt[x], ls_nums[y]);
data/bareos-17.2.7/src/lib/unittests/edit_test.c:54:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, str[i]);
data/bareos-17.2.7/src/lib/unittests/ini_test.c:131:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("cp -f test.cfg test3.cfg");
data/bareos-17.2.7/src/lib/unittests/junction_test.c:89:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, TESTSTRING);
data/bareos-17.2.7/src/lib/unittests/junction_test.c:101:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf( f, "%s", s);
data/bareos-17.2.7/src/lib/unittests/scan_test.c:94:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(assertbuf, "%s %d %lld", buf, val32, val64);
data/bareos-17.2.7/src/lib/unittests/scan_test.c:103:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(assertbuf,"cnt=%d Job=%s\n", cnt, Job);
data/bareos-17.2.7/src/lib/unittests/scan_test.c:108:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(assertbuf, "cnt=%d Agent=%s", cnt, Job);
data/bareos-17.2.7/src/lib/unittests/scan_test.c:122:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(assertbuf, "cnt=%d Vol=%s", cnt, vol.VolCatName);
data/bareos-17.2.7/src/lib/unittests/scan_test.c:135:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(assertbuf,"cnt=%d Job=%s MediaType=%s\n", cnt, Job, MediaType);
data/bareos-17.2.7/src/lib/util.c:214:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
indent.strcat(" ");
data/bareos-17.2.7/src/lib/util.c:216:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
indent.strcat(separator);
data/bareos-17.2.7/src/lib/util.c:218:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(separator);
data/bareos-17.2.7/src/lib/util.c:223:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(indent);
data/bareos-17.2.7/src/lib/util.c:225:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(p1);
data/bareos-17.2.7/src/lib/util.c:226:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat("\n");
data/bareos-17.2.7/src/lib/util.c:232:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(indent);
data/bareos-17.2.7/src/lib/util.c:234:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(p1);
data/bareos-17.2.7/src/lmdb/mdb.c:4225:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= SECTION_MAP_WRITE;
data/bareos-17.2.7/src/lmdb/mdb.c:4238:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
rc = NtCreateSection(&mh, access, NULL, NULL, secprot, SEC_RESERVE, env->me_fd);
data/bareos-17.2.7/src/lmdb/mdb.c:4945:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env->me_txns->mti_rmname, "Global\\MDBr%s", encbuf);
data/bareos-17.2.7/src/lmdb/mdb.c:4946:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env->me_txns->mti_wmname, "Global\\MDBw%s", encbuf);
data/bareos-17.2.7/src/lmdb/mdb.c:4972:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env->me_txns->mti_rmname, "/MDBr%s", encbuf);
data/bareos-17.2.7/src/lmdb/mdb.c:4973:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env->me_txns->mti_wmname, "/MDBw%s", encbuf);
data/bareos-17.2.7/src/lmdb/mdb.c:5143:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(lpath, "%s" LOCKSUFF, path);
data/bareos-17.2.7/src/lmdb/mdb.c:5144:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpath, path);
data/bareos-17.2.7/src/lmdb/mdb.c:5147:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(lpath, "%s" LOCKNAME, path);
data/bareos-17.2.7/src/lmdb/mdb.c:5148:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dpath, "%s" DATANAME, path);
data/bareos-17.2.7/src/lmdb/mdb.c:10153:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(lpath, "%s" DATANAME, path);
data/bareos-17.2.7/src/lmdb/mdb.c:10725:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, txnid == (txnid_t)-1 ?
data/bareos-17.2.7/src/ndmp/ndma_comm_job.c:45:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define ERROR(S) { if (errbuf) strcpy(errbuf, (S)); RETERR }
data/bareos-17.2.7/src/ndmp/ndma_cops_labels.c:153:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (me->label, labbuf);
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:338:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(test_name_buf, test_name);
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:354:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(warn_msg_buf, warn_msg);
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:365:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fail_msg_buf, fail_msg);
data/bareos-17.2.7/src/ndmp/ndma_data.c:182:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, da->bu_type);
data/bareos-17.2.7/src/ndmp/ndma_data.c:217:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, da->bu_type);
data/bareos-17.2.7/src/ndmp/ndma_data.c:253:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, da->bu_type);
data/bareos-17.2.7/src/ndmp/ndma_data.c:757:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndma_data_pfe.c:124:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ("/bin/sh", "sh", "-c", cmd, NULL);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:463:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason, "IS %s_LISTEN: ", mine_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:468:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "%s not idle", mine_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:473:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "%s not idle", peer_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:514:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason, "IS %s_CONNECT: ", mine_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:519:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "%s not idle", mine_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:527:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "LOCAL %s not LISTEN",
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:533:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "LOCAL %s not LOCAL",
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:542:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason_end, "LOCAL %s not IDLE",
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:787:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (reason, "IS %s_START: ", mine_ep->name);
data/bareos-17.2.7/src/ndmp/ndma_noti_calls.c:136:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:276:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p, p+1);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:280:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p, p+2);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:308:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dest, C_chdir);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:313:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dest, file_arg_new[i]);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:330:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dest, C_chdir);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:336:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dest, file_arg[i]);
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:79:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system (cmd) < 0)
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:95:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:149:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndml_chan.c:493:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (bp, "name=%s", ch->name); while (*bp) bp++;
data/bareos-17.2.7/src/ndmp/ndml_chan.c:507:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (bp, " %s ", p);
data/bareos-17.2.7/src/ndmp/ndml_log.c:80:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndml_log.c:91:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, ap);
data/bareos-17.2.7/src/ndmp/ndml_media.c:132:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (q, me->label);
data/bareos-17.2.7/src/ndmp/ndml_media.c:175:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "valid label=%s filemark=%s n_bytes=%s slot=%s",
data/bareos-17.2.7/src/ndmp/ndml_media.c:183:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "media used=%s written=%s eof=%s eom=%s io_error=%s",
data/bareos-17.2.7/src/ndmp/ndml_media.c:192:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "label read=%s written=%s io_error=%s mismatch=%s",
data/bareos-17.2.7/src/ndmp/ndml_media.c:200:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "fm_error=%s nb_determined=%s nb_aligned=%s",
data/bareos-17.2.7/src/ndmp/ndml_media.c:207:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "slot empty=%s bad=%s missing=%s",
data/bareos-17.2.7/src/ndmp/ndml_scsi.c:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (targ->dev_name, str);
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:50:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "C %s %lu",
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:54:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "R %s %lu (%lu)",
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:59:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:90:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s protocol_version=%d text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:110:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s", ndmp0_error_to_str(*p));
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:51:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "C %s %lu",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:55:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "R %s %lu (%lu)",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:60:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:74:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s", ndmp2_mover_addr_type_to_str (ma->addr_type));
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:103:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:115:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:153:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "bu_type='%s'", p->name);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:159:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s", ndmp2_auth_type_to_str (p->auth_type));
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:165:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s'", p->device.name);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:171:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s' cont=%d sid=%d lun=%d",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:198:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s' mode=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:206:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "op=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:227:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "bu_type='%s' n_env=%d mover=",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:233:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:248:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "bu_type='%s' n_env=%d n_nlist=%d mover=",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:255:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:261:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:278:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:286:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s protocol_version=%d text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:303:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s seek_position=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:318:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "entry='%s'", p->entry);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:324:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "level=%s message='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:331:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "file=%s error=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:347:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] %-15s %7llu %s [%lld]", i,
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:370:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] %lu %lu %s", i,
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:390:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] %-15s %7llu %lu [%lld]", i,
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:405:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "mode=%s addr_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:467:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s", ndmp2_error_to_str(*p));
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:482:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s hostname=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:486:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "os_type=%s os_vers=%s hostid=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:491:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:507:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s attrs=0x%lx",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:515:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s methods[%d]={",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:519:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:532:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s cont=%d sid=%d lun=%d",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:543:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf,
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:563:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s flags=0x%lx file_num=%ld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:583:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s resid_count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:590:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:597:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s data_in_len=%d",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:605:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s op=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:609:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "state=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:612:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:636:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s n_env=%d",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:642:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:670:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s state=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:674:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "pause_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:677:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:697:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s mover=", ndmp2_error_to_str(p->error));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:51:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "C %s %lu",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:55:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "R %s %lu (%lu)",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:60:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:74:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s", ndmp3_addr_type_to_str (ma->addr_type));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:103:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:105:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:112:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:117:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:160:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s", ndmp3_auth_type_to_str (p->auth_type));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:166:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s'", p->device);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:172:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s' cont=%d sid=%d lun=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:199:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s' mode=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:207:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "op=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "bu_type='%s' n_env=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:233:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:248:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "bu_type='%s' n_env=%d n_nlist=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:254:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:264:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "nl[%d] original_path='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:268:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "..... destination_dir='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:272:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "..... new_name='%s' other='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:291:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "addr_type=%s", ndmp3_addr_type_to_str (p->addr_type));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:304:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:312:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s protocol_version=%d text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:321:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:329:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s seek_position=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:344:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "file=%s error=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:352:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "log_type=%s id=%lu message='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:410:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " name[%d] fs_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:415:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " other=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:420:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " unix=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:425:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf)," nt=%s dos=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:441:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " stat[%ud] fs_type=%s ftype=%s size=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:505:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " name[%ud] fs_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:510:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " other=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:515:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " unix=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:520:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf)," nt=%s dos=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:583:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " stat[%ud] fs_type=%s ftype=%s size=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:599:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "mode=%s addr_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:625:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "mode=%s addr=", ndmp3_mover_mode_to_str (p->mode));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:671:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s", ndmp3_error_to_str(*p));
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:677:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s addr_types[%d]={",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:681:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:707:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s hostname=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:711:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "os_type=%s os_vers=%s hostid=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:728:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s cont=%d sid=%d lun=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:739:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf,
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:759:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "invalid=%lx error=%s flags=0x%lx file_num=%ld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:780:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s resid_count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:787:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:794:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s data_in_len=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:802:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "invalid=%lx error=%s op=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:807:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "state=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:810:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:835:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s n_env=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:841:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:868:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s state=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:872:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "pause_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:875:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:899:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s mover_conn_addr=",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:907:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s data_conn_addr=",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:51:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "C %s %lu",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:55:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "R %s %lu (%lu)",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:60:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:78:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s", ndmp4_addr_type_to_str (ma->addr_type));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:89:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), "%d(%s:%u",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:95:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), ",%s=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:125:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:127:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:139:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " auth_id=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:180:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "auth_type=%s", ndmp4_auth_type_to_str (p->auth_type));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:186:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s'", p->device);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:221:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "device='%s' mode=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:229:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "op=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:250:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "butype_name='%s' n_env=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:255:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:270:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "butype_name='%s' n_env=%d n_nlist=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:276:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "env[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:286:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "nl[%d] original_path='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:290:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "..... destination_path='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:294:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "..... name='%s' other='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:313:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "addr_type=%s", ndmp4_addr_type_to_str (p->addr_type));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:326:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s", ndmp4_data_halt_reason_to_str(p->reason));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:332:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s protocol_version=%d text_reason='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:341:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s", ndmp4_mover_halt_reason_to_str(p->reason));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:347:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "reason=%s seek_position=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:362:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "file=%s recovery_status=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:370:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "log_type=%s id=%lu message='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:428:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " name[%ud] fs_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:433:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " other=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:438:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " unix=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:443:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf)," nt=%s dos=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " stat[%d] fs_type=%s ftype=%s size=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:523:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " name[%d] fs_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:528:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " other=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:533:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " unix=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:538:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf)," nt=%s dos=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:601:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, " stat[%ud] fs_type=%s ftype=%s size=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:617:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "mode=%s addr_type=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:643:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "mode=%s addr=", ndmp4_mover_mode_to_str (p->mode));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:689:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s", ndmp4_error_to_str(*p));
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:704:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s hostname=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:708:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "os_type=%s os_vers=%s hostid=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:721:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s addr_types[%d]={",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (NDMOS_API_STREND(buf), " %s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:745:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s cont=%d sid=%d lun=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:756:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf,
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:776:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "unsupp=%lx error=%s flags=0x%lx file_num=%ld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:797:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s resid_count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:804:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s count=%ld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:811:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s data_in_len=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:819:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "unsupp=%lx error=%s op=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:824:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "state=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:827:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:852:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s n_env=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:858:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "[%d] name='%s' value='%s'",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:885:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 0: sprintf (buf, "error=%s state=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:889:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf (buf, "pause_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:892:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf (buf, "halt_reason=%s",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:916:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "error=%s data_conn_addr=",
data/bareos-17.2.7/src/ndmp/smc_pp.c:80:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "@%-3d %-4s",
data/bareos-17.2.7/src/ndmp/smc_pp.c:103:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (strend(buf), " PVolTag(%s,#%d)",
data/bareos-17.2.7/src/ndmp/smc_pp.c:113:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*buf && nline++ == lineno) strcpy (ret_buf, buf);
data/bareos-17.2.7/src/ndmp/smc_pp.c:119:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buf, INDENT_SPACES "AVolTag(%s,#%d)",
data/bareos-17.2.7/src/ndmp/smc_pp.c:124:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*buf && nline++ == lineno) strcpy (ret_buf, buf);
data/bareos-17.2.7/src/ndmp/smc_pp.c:128:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buf, INDENT_SPACES "SValid(src=%d,%sinvert)",
data/bareos-17.2.7/src/ndmp/smc_pp.c:133:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*buf && nline++ == lineno) strcpy (ret_buf, buf);
data/bareos-17.2.7/src/ndmp/smc_pp.c:137:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, INDENT_SPACES);
data/bareos-17.2.7/src/ndmp/smc_pp.c:154:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*buf && nline++ == lineno) strcpy (ret_buf, buf);
data/bareos-17.2.7/src/ndmp/smc_pp.c:158:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, INDENT_SPACES);
data/bareos-17.2.7/src/ndmp/smc_pp.c:176:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*buf && nline++ == lineno) strcpy (ret_buf, buf);
data/bareos-17.2.7/src/ndmp/wraplib.c:83:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (wccb->errmsg, "failed fdopen %s", filename);
data/bareos-17.2.7/src/ndmp/wraplib.c:89:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (wccb->errmsg, "failed open %s", filename);
data/bareos-17.2.7/src/ndmp/wraplib.c:140:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (wccb->errmsg, "failed open %s", filename);
data/bareos-17.2.7/src/ndmp/wraplib.c:162:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf+5, sizeof(buf)-5, fmt, ap);
data/bareos-17.2.7/src/ndmp/wraplib.c:319:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (wccb->errmsg, "malformed fhinfo %s", p);
data/bareos-17.2.7/src/ndmp/wraplib.c:334:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wccb->errmsg,"malformed fhinfo %s",p);
data/bareos-17.2.7/src/ndmp/wraplib.c:519:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ("/bin/sh", "sh", "-c", cmd, NULL);
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:619:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(omsg, str);
data/bareos-17.2.7/src/qt-tray-monitor/tray-monitor.cpp:48:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out = out.sprintf(_(PROG_COPYRIGHT
data/bareos-17.2.7/src/stored/ansi_label.c:328:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ansi_volname, VolName);
data/bareos-17.2.7/src/stored/askdir.c:180:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(dir->msg, OK_media, vol.VolCatName,
data/bareos-17.2.7/src/stored/bcopy.c:58:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/stored/bextract.c:69:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/stored/bls.c:62:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/stored/bscan.c:102:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/stored/btape.c:2419:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/btape.state", working_directory);
data/bareos-17.2.7/src/stored/btape.c:2481:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/btape.state", working_directory);
data/bareos-17.2.7/src/stored/btape.c:3012:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/stored/dir_cmd.c:390:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, setbandwidth, &bw, Job) != 2 || bw < 0) {
data/bareos-17.2.7/src/stored/dir_cmd.c:426:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scan = sscanf(dir->msg, setdebugv1cmd, &level, &trace_flag, ×tamp_flag);
data/bareos-17.2.7/src/stored/dir_cmd.c:428:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scan = sscanf(dir->msg, setdebugv0cmd, &level, &trace_flag);
data/bareos-17.2.7/src/stored/dir_cmd.c:465:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, cancelcmd, Job) == 1) {
data/bareos-17.2.7/src/stored/dir_cmd.c:566:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(dir->msg, resolvecmd, &hostname);
data/bareos-17.2.7/src/stored/dir_cmd.c:616:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, relabelcmd, dev_name.c_str(), oldname,
data/bareos-17.2.7/src/stored/dir_cmd.c:623:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, labelcmd, dev_name.c_str(), newname,
data/bareos-17.2.7/src/stored/dir_cmd.c:940:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, mountslotcmd, devname.c_str(), &drive, &slot) == 3;
data/bareos-17.2.7/src/stored/dir_cmd.c:942:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, mountcmd, devname.c_str(), &drive) == 2;
data/bareos-17.2.7/src/stored/dir_cmd.c:1084:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, unmountcmd, devname.c_str(), &drive) == 2) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1179:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, actionopcmd, devname, volumename, &action) != 3)
data/bareos-17.2.7/src/stored/dir_cmd.c:1214:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, releasecmd, devname.c_str(), &drive) == 2) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1417:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, readlabelcmd, devname.c_str(), &slot, &drive) == 3) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1589:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, replicatecmd, JobName, stored_addr, &stored_port,
data/bareos-17.2.7/src/stored/dir_cmd.c:1680:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, passiveclientcmd, filed_addr, &filed_port, &enable_ssl) != 3) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1749:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, pluginoptionscmd, plugin_options) != 1) {
data/bareos-17.2.7/src/stored/fd_cmds.c:386:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(fd->msg, read_open, jcr->read_dcr->VolumeName, &jcr->read_VolSessionId,
data/bareos-17.2.7/src/stored/job.c:89:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
status = sscanf(dir->msg, jobcmd, &JobId, job.c_str(), job_name.c_str(),
data/bareos-17.2.7/src/stored/job.c:399:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, query_device, dev_name.c_str()) == 1;
data/bareos-17.2.7/src/stored/label.c:719:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dev->VolHdr.ProgVersion, "Ver. %s %s", VERSION, BDATE);
data/bareos-17.2.7/src/stored/label.c:720:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dev->VolHdr.ProgDate, "Build %s %s", __DATE__, __TIME__);
data/bareos-17.2.7/src/stored/mac.c:580:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(sd->msg, OK_start_replicate, &jcr->Ticket) != 1) {
data/bareos-17.2.7/src/stored/record.c:85:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(tmp);
data/bareos-17.2.7/src/stored/record.c:108:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(tmp);
data/bareos-17.2.7/src/stored/record.c:152:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
resultbuffer.strcat(tmp);
data/bareos-17.2.7/src/stored/reserve.c:209:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, use_storage, store_name.c_str(),
data/bareos-17.2.7/src/stored/reserve.c:240:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ok = sscanf(dir->msg, use_device, dev_name.c_str()) == 1;
data/bareos-17.2.7/src/stored/status.c:1086:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, statuscmd, devicenames.c_str()) != 1) {
data/bareos-17.2.7/src/stored/status.c:1115:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(dir->msg, dotstatuscmd, cmd.c_str()) != 1) {
data/bareos-17.2.7/src/stored/stored.c:70:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/tests/bbatch.c:69:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/tests/cats_test.c:50:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/tests/cats_test.c:496:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jr.Job, buf);
data/bareos-17.2.7/src/tests/cats_test.c:505:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jr2.Job, jr.Job);
data/bareos-17.2.7/src/tests/cats_test.c:571:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cr2.Name, cr.Name);
data/bareos-17.2.7/src/tests/ing_test.c:46:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _(
data/bareos-17.2.7/src/tools/bpluginfo.c:281:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirtmp, argv[0]);
data/bareos-17.2.7/src/tools/bsmtp.c:157:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(sfp, fmt, ap);
data/bareos-17.2.7/src/tools/bsmtp.c:162:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/bareos-17.2.7/src/tools/bsmtp.c:246:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tzbuf); /* add +0100 */
data/bareos-17.2.7/src/tools/bsmtp.c:248:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tzbuf); /* add (CEST) */
data/bareos-17.2.7/src/tools/smtp-orig.c:130:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define dprintf if (verbose) printf
data/bareos-17.2.7/src/tools/smtp-orig.c:131:32: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define dvprintf if (verbose) vprintf
data/bareos-17.2.7/src/tools/smtp-orig.c:171:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(sfp, fmt, ap);
data/bareos-17.2.7/src/tools/timelimit.c:197:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bareos-17.2.7/src/tools/timelimit.c:209:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bareos-17.2.7/src/tools/timelimit.c:221:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, v);
data/bareos-17.2.7/src/tools/timelimit.c:502:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/bareos-17.2.7/src/win32/compat/compat.c:570:7: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pwszBuf, szDrive);
data/bareos-17.2.7/src/win32/compat/compat.c:594:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pwszBuf, pwszCurDirBuf);
data/bareos-17.2.7/src/win32/compat/compat.c:599:10: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pwszBuf, pwszCurDirBuf);
data/bareos-17.2.7/src/win32/compat/compat.c:823:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy((LPWSTR) pszUCS, (LPWSTR)tcc->pWin32ConvUCS2Cache);
data/bareos-17.2.7/src/win32/compat/compat.c:850:7: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy((LPWSTR) tcc->pWin32ConvUCS2Cache, (LPWSTR) pszUCS);
data/bareos-17.2.7/src/win32/compat/compat.c:2024:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int execvp(const char *, char *[]) {
data/bareos-17.2.7/src/win32/compat/compat.c:2237:17: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
extern "C" void syslog(int type, const char *fmt, ...)
data/bareos-17.2.7/src/win32/compat/include/compat.h:266:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/bareos-17.2.7/src/win32/compat/include/compat.h:267:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bareos-17.2.7/src/win32/compat/include/compat.h:267:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bareos-17.2.7/src/win32/compat/include/compat.h:321:17: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
extern "C" void syslog(int type, const char *fmt, ...);
data/bareos-17.2.7/src/win32/compat/include/compat.h:331:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/bareos-17.2.7/src/win32/compat/include/compat.h:333:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int execvp(const char *, char *[]);
data/bareos-17.2.7/src/win32/compat/include/syslog.h:96:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog(int type, const char *fmt, ...);
data/bareos-17.2.7/src/win32/compat/print.c:713:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rval = vsnprintf(str, 128*1024, fmt, ap);
data/bareos-17.2.7/src/win32/compat/print.c:726:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rval = vsnprintf(str, count, fmt, ap);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:172:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:v?")) != -1) {
data/bareos-17.2.7/src/console/conio.c:953:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *termtype = (char *)getenv("TERM");
data/bareos-17.2.7/src/console/console.c:1117:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "D:lc:d:nstu:x:?")) != -1) {
data/bareos-17.2.7/src/console/console.c:1376:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("USERPROFILE");
data/bareos-17.2.7/src/console/console.c:1381:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("HOME");
data/bareos-17.2.7/src/dird/dbcheck.c:1187:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bc:C:D:d:fvBt?")) != -1) {
data/bareos-17.2.7/src/dird/dird.c:230:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:fg:mr:stu:vx:?")) != -1) {
data/bareos-17.2.7/src/dird/expand.c:323:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((val = getenv(buf.c_str())) == NULL) {
data/bareos-17.2.7/src/dird/testfind.c:101:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "ac:d:f:?")) != -1) {
data/bareos-17.2.7/src/filed/filed.c:112:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bc:d:fg:kmrstu:vx:?")) != -1) {
data/bareos-17.2.7/src/lib/cram-md5.c:57:4: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((t1.tv_sec & 0xffff) * (t2.tv_usec & 0xff));
data/bareos-17.2.7/src/lib/cram-md5.c:65:39: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Mmsg(chal, "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host.c_str());
data/bareos-17.2.7/src/lib/passphrase.c:129:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bareos-17.2.7/src/lib/util.c:674:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shellcmd = getenv("SHELL")) == NULL) {
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:173:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv ("NDMJOB_CONF")) != 0) {
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:195:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (ac, av, options)) != EOF) {
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:924:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv (env_name)) != 0) {
data/bareos-17.2.7/src/ndmp/ndmos.h:453:29: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define NDMOS_MACRO_SRAND() srand(time(0))
data/bareos-17.2.7/src/ndmp/wraplib.c:214:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "cxtB:d:I:E:f:o:")) != EOF) {
data/bareos-17.2.7/src/qt-tray-monitor/tray-monitor.cpp:71:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bc:d:th?f:s:x:")) != -1) {
data/bareos-17.2.7/src/stored/bcopy.c:97:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:D:d:i:o:pvw:?")) != -1) {
data/bareos-17.2.7/src/stored/bextract.c:110:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:D:d:e:i:pvV:?")) != -1) {
data/bareos-17.2.7/src/stored/bls.c:110:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:c:D:d:e:i:jkLpvV:?")) != -1) {
data/bareos-17.2.7/src/stored/bscan.c:157:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "a:B:b:c:d:D:h:p:mn:pP:q:rsSt:u:vV:w:?")) != -1) {
data/bareos-17.2.7/src/stored/btape.c:196:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(margc, margv, "b:c:D:d:psv?")) != -1) {
data/bareos-17.2.7/src/stored/btape.c:440:10: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/bareos-17.2.7/src/stored/btape.c:442:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p[i] = random();
data/bareos-17.2.7/src/stored/crc32.c:425:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "h?")) != -1) {
data/bareos-17.2.7/src/stored/stored.c:134:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "c:d:fg:mpstu:vx:?")) != -1) {
data/bareos-17.2.7/src/tests/bbatch.c:124:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bBh:c:d:D:n:P:Su:vf:w:r:?")) != -1) {
data/bareos-17.2.7/src/tests/bregtest.c:70:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "sd:f:e:")) != -1) {
data/bareos-17.2.7/src/tests/cats_test.c:242:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "qh:c:l:d:D:n:P:Su:vFw:?p:f:T")) != -1) {
data/bareos-17.2.7/src/tests/ing_test.c:107:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "h:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) {
data/bareos-17.2.7/src/tests/testls.c:89:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "ad:e:i:q?")) != -1) {
data/bareos-17.2.7/src/tools/bpluginfo.c:240:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "a:fiv")) != -1) {
data/bareos-17.2.7/src/tools/bpluginfo.c:283:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(dirtmp, progdir) == NULL) {
data/bareos-17.2.7/src/tools/bregex.c:90:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:f:nl?")) != -1) {
data/bareos-17.2.7/src/tools/bscrypto.c:84:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "bcD:d:eg:k:p:r:s:vw:?")) != -1) {
data/bareos-17.2.7/src/tools/bsmtp.c:289:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, options)) != -1) {
data/bareos-17.2.7/src/tools/bsmtp.c:373:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("SMTPSERVER")) != NULL) {
data/bareos-17.2.7/src/tools/bwild.c:65:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:f:in?")) != -1) {
data/bareos-17.2.7/src/tools/drivetype.c:88:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "alv?")) != -1) {
data/bareos-17.2.7/src/tools/fstype.c:63:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "v?")) != -1) {
data/bareos-17.2.7/src/tools/smtp-orig.c:207:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c:e:f:m:Mr:s:v")) != EOF) {
data/bareos-17.2.7/src/tools/timelimit.c:308:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv(envopts[i].name)) != NULL) {
data/bareos-17.2.7/src/tools/timelimit.c:316:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "+lqpS:s:T:t:")) != -1) {
data/bareos-17.2.7/src/win32/compat/compat.c:881:13: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibraryEx(filename, NULL, dwFlags);
data/bareos-17.2.7/src/win32/compat/compat.c:930:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long int random(void)
data/bareos-17.2.7/src/win32/compat/compat.c:935:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom(unsigned int seed)
data/bareos-17.2.7/src/win32/compat/compat.c:937:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/bareos-17.2.7/src/win32/compat/compat.c:3424:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
comspec = getenv("COMSPEC");
data/bareos-17.2.7/src/win32/compat/include/compat.h:283:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long int random(void);
data/bareos-17.2.7/src/win32/compat/include/compat.h:284:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom(unsigned int seed);
data/bareos-17.2.7/src/win32/compat/include/getopt.h:36:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/bareos-17.2.7/src/win32/generic/service.c:186:29: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE kerneldll = LoadLibrary("KERNEL32.DLL");
data/bareos-17.2.7/src/win32/generic/service.c:602:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE hLib = LoadLibrary("ADVAPI32.DLL");
data/bareos-17.2.7/platforms/freebsd/tapetest.c:125:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/bareos-17.2.7/platforms/freebsd/tapetest.c:157:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[1000];
data/bareos-17.2.7/platforms/freebsd/tapetest.c:175:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:207:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[0], O_RDWR);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:330:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(cmd);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:353:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open("/dev/urandom", O_RDONLY);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:446:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open("/dev/urandom", O_RDONLY);
data/bareos-17.2.7/src/cats/bvfs.c:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathid[50];
data/bareos-17.2.7/src/cats/bvfs.c:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[50];
data/bareos-17.2.7/src/cats/bvfs.c:573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/bvfs.c:586:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/bvfs.c:587:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname_esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/bvfs.c:588:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/bvfs.c:636:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathid[50];
data/bareos-17.2.7/src/cats/bvfs.c:687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathid[50];
data/bareos-17.2.7/src/cats/bvfs.c:723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bareos-17.2.7/src/cats/cats.h:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /**< Job unique name */
data/bareos-17.2.7/src/cats/cats.h:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /**< Job base name */
data/bareos-17.2.7/src/cats/cats.h:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cSchedTime[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cStartTime[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cEndTime[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cRealEndTime[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /**< Volume name */
data/bareos-17.2.7/src/cats/cats.h:166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /**< Media Type */
data/bareos-17.2.7/src/cats/cats.h:167:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Storage[MAX_NAME_LENGTH]; /**< Storage name */
data/bareos-17.2.7/src/cats/cats.h:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LStat[256];
data/bareos-17.2.7/src/cats/cats.h:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bareos-17.2.7/src/cats/cats.h:241:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /**< Pool name */
data/bareos-17.2.7/src/cats/cats.h:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:259:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LabelFormat[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /**< Device name */
data/bareos-17.2.7/src/cats/cats.h:294:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /**< Device name */
data/bareos-17.2.7/src/cats/cats.h:308:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /**< MediaType string */
data/bareos-17.2.7/src/cats/cats.h:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /**< Volume name */
data/bareos-17.2.7/src/cats/cats.h:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /**< Media type */
data/bareos-17.2.7/src/cats/cats.h:319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EncrKey[MAX_NAME_LENGTH]; /**< Encryption Key */
data/bareos-17.2.7/src/cats/cats.h:353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolStatus[20]; /**< Volume status */
data/bareos-17.2.7/src/cats/cats.h:367:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cFirstWritten[MAX_TIME_LENGTH]; /**< FirstWritten returned from DB */
data/bareos-17.2.7/src/cats/cats.h:368:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cLastWritten[MAX_TIME_LENGTH]; /**< LastWritten returned from DB */
data/bareos-17.2.7/src/cats/cats.h:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cLabelDate[MAX_TIME_LENGTH]; /**< LabelData returned from DB */
data/bareos-17.2.7/src/cats/cats.h:370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cInitialWrite[MAX_TIME_LENGTH]; /**< InitialWrite returned from DB */
data/bareos-17.2.7/src/cats/cats.h:385:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[MAX_NAME_LENGTH]; /**< Client name */
data/bareos-17.2.7/src/cats/cats.h:386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Uname[256]; /**< Uname for client */
data/bareos-17.2.7/src/cats/cats.h:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Counter[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WrapCounter[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/cats/cats.h:405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSet[MAX_NAME_LENGTH]; /**< FileSet name */
data/bareos-17.2.7/src/cats/cats.h:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MD5[50]; /**< MD5 signature of include/exclude */
data/bareos-17.2.7/src/cats/cats.h:412:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cCreateTime[MAX_TIME_LENGTH]; /**< CreateTime as returned from DB */
data/bareos-17.2.7/src/cats/cats.h:897:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256]; /**< Used to print last dash line */
data/bareos-17.2.7/src/cats/dbi.c:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_db_driver[10];
data/bareos-17.2.7/src/cats/dbi.c:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_driverdir[256];
data/bareos-17.2.7/src/cats/dbi.c:209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10], *port;
data/bareos-17.2.7/src/cats/dbi.c:268:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(new_db_name, ".db");
data/bareos-17.2.7/src/cats/dbi.c:464:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(esc_obj, pnew, new_len);
data/bareos-17.2.7/src/cats/dbi.c:483:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, from, expected_len);
data/bareos-17.2.7/src/cats/dbi.c:978:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[30];
data/bareos-17.2.7/src/cats/dbi.c:1354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/ingres.c:745:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[64];
data/bareos-17.2.7/src/cats/ingres.c:746:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getkeyval_query[256];
data/bareos-17.2.7/src/cats/ingres.c:980:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/myingres.c:296:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vars[i].sqlind,sqlda->sqlvar[i].sqlind,sizeof(short));
data/bareos-17.2.7/src/cats/myingres.c:315:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vars[i].sqldata,sqlda->sqlvar[i].sqldata + 2,len);
data/bareos-17.2.7/src/cats/myingres.c:322:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vars[i].sqldata,sqlda->sqlvar[i].sqldata,sqlda->sqlvar[i].sqllen);
data/bareos-17.2.7/src/cats/myingres.c:880:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/bareos-17.2.7/src/cats/mysql.c:389:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, from, expected_len);
data/bareos-17.2.7/src/cats/mysql.c:759:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/postgresql.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10], *port;
data/bareos-17.2.7/src/cats/postgresql.c:410:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(esc_obj, obj, new_len);
data/bareos-17.2.7/src/cats/postgresql.c:442:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, obj, new_len);
data/bareos-17.2.7/src/cats/postgresql.c:821:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[NAMEDATALEN-1];
data/bareos-17.2.7/src/cats/postgresql.c:822:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getkeyval_query[NAMEDATALEN+50];
data/bareos-17.2.7/src/cats/postgresql.c:1138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/sql.c:271:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql.c:304:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql.c:408:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fname, f, fnl); /* copy filename */
data/bareos-17.2.7/src/cats/sql.c:418:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, filename, pnl);
data/bareos-17.2.7/src/cats/sql.c:477:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ewc[30];
data/bareos-17.2.7/src/cats/sql.c:722:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ewc[30];
data/bareos-17.2.7/src/cats/sql_create.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/cats/sql_create.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_ujobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_jobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/sql_create.c:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[50], ed4[50], ed5[50];
data/bareos-17.2.7/src/cats/sql_create.c:170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_poolname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_lf[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/cats/sql_create.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:311:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:339:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr->AutoChanger = atoi(row[1]); /* bool */
data/bareos-17.2.7/src/cats/sql_create.c:378:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:426:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50], ed7[50], ed8[50];
data/bareos-17.2.7/src/cats/sql_create.c:427:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed9[50], ed10[50], ed11[50], ed12[50];
data/bareos-17.2.7/src/cats/sql_create.c:429:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_medianame[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:430:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_mtype[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:431:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:495:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:526:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_create.c:528:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_clientname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:529:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_uname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:617:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_create.c:682:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:689:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr, &mcr, sizeof(COUNTER_DBR));
data/bareos-17.2.7/src/cats/sql_create.c:723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_fs[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:724:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_md5[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_create.c:1219:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_create.c:1265:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_create.c:1315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_create.c:1316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_envname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_envvalue[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1346:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bareos-17.2.7/src/cats/sql_create.c:1390:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1391:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
data/bareos-17.2.7/src/cats/sql_create.c:1392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed7[50], ed8[50], ed9[50], ed10[50], ed11[50], ed12[50];
data/bareos-17.2.7/src/cats/sql_create.c:1446:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_create.c:1447:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_delete.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_delete.c:150:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_delete.c:239:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mr->VolStatus, "Purged");
data/bareos-17.2.7/src/cats/sql_find.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_find.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_jobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_find.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_find.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_jobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_find.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_find.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_jobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_find.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_find.c:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_jobname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_find.c:345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_find.c:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_type[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_find.c:351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/sql_get.c:190:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_get.c:242:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:322:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:382:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:604:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:606:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:627:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_get.c:693:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:695:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:710:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_get.c:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:745:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:802:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:859:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:861:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:879:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_get.c:921:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:922:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_NAME_LENGTH * 2 + 1];
data/bareos-17.2.7/src/cats/sql_get.c:1061:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1063:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1097:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1276:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientid[50], jobid[50], filesetid[50];
data/bareos-17.2.7/src/cats/sql_get.c:1277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1387:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1435:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1456:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_get.c:1507:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_get.c:1509:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_get.c:1558:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1602:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_get.c:1654:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1680:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_get.c:1726:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_get.c:1727:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_NAME_LENGTH * 2 + 1];
data/bareos-17.2.7/src/cats/sql_list.c:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_list.c:192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_list.c:303:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:445:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:487:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:519:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:520:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_list.c:521:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_list.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:686:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_list.c:729:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_update.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_update.c:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50];
data/bareos-17.2.7/src/cats/sql_update.c:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/cats/sql_update.c:152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[50], ed4[50];
data/bareos-17.2.7/src/cats/sql_update.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PriorJobId[50];
data/bareos-17.2.7/src/cats/sql_update.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_update.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_clientname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_uname[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
data/bareos-17.2.7/src/cats/sql_update.c:255:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_update.c:312:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bareos-17.2.7/src/cats/sql_update.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed5[50], ed6[50], ed7[50], ed8[50];
data/bareos-17.2.7/src/cats/sql_update.c:316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed9[50], ed10[50], ed11[50];
data/bareos-17.2.7/src/cats/sql_update.c:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_medianame[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_status[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:406:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50];
data/bareos-17.2.7/src/cats/sql_update.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:458:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_update.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/cats/sql_update.c:495:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_update.c:521:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/cats/sql_update.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/cats/sql_update.c:570:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/cats/sqlite.c:179:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(db_path, ".db");
data/bareos-17.2.7/src/cats/sqlite.c:645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/console/conio.c:75:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" int tgetnum(char id[2]);
data/bareos-17.2.7/src/console/conio.c:76:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" char *tgetstr(char id[2], char **);
data/bareos-17.2.7/src/console/conio.c:76:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" char *tgetstr(char id[2], char **);
data/bareos-17.2.7/src/console/conio.c:178:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool[POOLEN]; /* line pool */
data/bareos-17.2.7/src/console/conio.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_STAB];
data/bareos-17.2.7/src/console/conio.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/console/conio.c:389:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " 0x%x ", c);
data/bareos-17.2.7/src/console/conio.c:397:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " func=%d len=%d\n\r", tstab->func, tstab->len);
data/bareos-17.2.7/src/console/conio.c:468:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curline[2000]; /* edit buffer */
data/bareos-17.2.7/src/console/conio.c:741:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curline[cp], &curline[cp+cnt], i);
data/bareos-17.2.7/src/console/conio.c:889:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lptr->line,newl,newlen);
data/bareos-17.2.7/src/console/conio.c:938:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/console/conio.c:951:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char term_buf[2048];
data/bareos-17.2.7/src/console/console.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argk[MAX_CMD_ARGS];
data/bareos-17.2.7/src/console/console.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[MAX_CMD_ARGS];
data/bareos-17.2.7/src/console/console.c:399:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, rl_line_buffer, len);
data/bareos-17.2.7/src/console/console.c:456:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, rl_line_buffer + start, end - start + 1);
data/bareos-17.2.7/src/console/console.c:509:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, what + pmatch[1].rm_so, size);
data/bareos-17.2.7/src/console/console.c:1033:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(UA_sock->msg);
data/bareos-17.2.7/src/console/console.c:1094:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bareos-17.2.7/src/console/console.c:1142:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/console/console.c:1162:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(optarg);
data/bareos-17.2.7/src/console/console.c:1392:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(UA_sock->msg, "rb");
data/bareos-17.2.7/src/console/console.c:1556:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argk[1], "rb");
data/bareos-17.2.7/src/console/console.c:1604:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argk[1], mode);
data/bareos-17.2.7/src/console/console.c:1621:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[5000];
data/bareos-17.2.7/src/console/console.c:1630:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wait = atoi(argk[2]);
data/bareos-17.2.7/src/console/console.c:1682:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sleep(atoi(argk[1]));
data/bareos-17.2.7/src/console/console.c:1690:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50];
data/bareos-17.2.7/src/console/console.c:1702:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000];
data/bareos-17.2.7/src/console/console.c:1714:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[3000];
data/bareos-17.2.7/src/console/console.c:1725:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf, q, len);
data/bareos-17.2.7/src/console/console.c:1727:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf+len, "\r\n", 3);
data/bareos-17.2.7/src/console/console_conf.c:266:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, &res_all, resources[rindex].size);
data/bareos-17.2.7/src/dird/admin.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50];
data/bareos-17.2.7/src/dird/admin.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/admin.c:103:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/archive.c:72:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50];
data/bareos-17.2.7/src/dird/archive.c:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/archive.c:101:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/authenticate.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/authenticate.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/authenticate.c:240:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/autoprune.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[100], ed3[50];
data/bareos-17.2.7/src/dird/autoprune.c:143:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char changer[100];
data/bareos-17.2.7/src/dird/autoprune.c:219:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mr, &lmr, sizeof(MEDIA_DBR));
data/bareos-17.2.7/src/dird/backup.c:174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_jobid[50];
data/bareos-17.2.7/src/dird/backup.c:397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/backup.c:801:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/backup.c:859:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/backup.c:881:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edt[50], ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/backup.c:891:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, jcr->is_JobLevel(L_FULL)?"w+b":"a+b");
data/bareos-17.2.7/src/dird/backup.c:949:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50], gdt[50];
data/bareos-17.2.7/src/dird/backup.c:950:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30], compress[50];
data/bareos-17.2.7/src/dird/backup.c:951:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec6[30], ec7[30], ec8[30], elapsed[50];
data/bareos-17.2.7/src/dird/backup.c:952:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fd_term_msg[100], sd_term_msg[100];
data/bareos-17.2.7/src/dird/bsr.c:265:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname.c_str(), "w+b");
data/bareos-17.2.7/src/dird/bsr.c:311:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Device[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/bsr.c:394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/bsr.c:397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/bsr.c:726:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs = fopen(jcr->RestoreBootstrap, "rb");
data/bareos-17.2.7/src/dird/bsr.h:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[MAX_NAME_LENGTH + 1];
data/bareos-17.2.7/src/dird/catreq.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
data/bareos-17.2.7/src/dird/catreq.c:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/catreq.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/catreq.c:474:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->attr, msg, msglen);
data/bareos-17.2.7/src/dird/catreq.c:592:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digestbuf[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bareos-17.2.7/src/dird/catreq.c:700:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spool_fd = open(file, O_RDONLY | O_BINARY);
data/bareos-17.2.7/src/dird/consolidate.c:151:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50];
data/bareos-17.2.7/src/dird/consolidate.c:206:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt_allowed[50];
data/bareos-17.2.7/src/dird/consolidate.c:207:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt_starttime[50];
data/bareos-17.2.7/src/dird/consolidate.c:302:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/consolidate.c:304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50], schedt[50];
data/bareos-17.2.7/src/dird/consolidate.c:330:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/dbcheck.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20000];
data/bareos-17.2.7/src/dird/dbcheck.c:145:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[1000];
data/bareos-17.2.7/src/dird/dbcheck.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bareos-17.2.7/src/dird/dbcheck.c:595:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/dbcheck.c:636:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:684:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:736:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:778:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:823:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:869:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:911:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:947:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:984:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:999:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bareos-17.2.7/src/dird/dbcheck.c:1004:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:1055:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:1069:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc_name[5000];
data/bareos-17.2.7/src/dird/dbcheck.c:1074:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dbcheck.c:1150:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int item = atoi(cmd);
data/bareos-17.2.7/src/dird/dbcheck.c:1209:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/dird/dir_plugins.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char events[nbytes_for_bits(DIR_NR_EVENTS + 1)]; /* enabled events bitmask */
data/bareos-17.2.7/src/dird/dir_plugins.c:897:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[PATH_MAX];
data/bareos-17.2.7/src/dird/dird.c:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/dird.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/dird.c:243:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/dird/dird.c:641:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_table, &prev_config, sizeof(resource_table_reference));
data/bareos-17.2.7/src/dird/dird.c:1312:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/dird/dird_conf.c:1087:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
offset = (char *)(items[i].value) - (char *)&res_all;
data/bareos-17.2.7/src/dird/dird_conf.c:2329:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char level_no[30];
data/bareos-17.2.7/src/dird/dird_conf.c:3048:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, &res_all, resources[rindex].size);
data/bareos-17.2.7/src/dird/dird_conf.c:3807:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(script, &res_runscript, sizeof(RUNSCRIPT));
data/bareos-17.2.7/src/dird/dird_conf.h:162:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open; /**< drive open */
data/bareos-17.2.7/src/dird/dird_conf.h:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ChangerName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/dird_conf.h:170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/dird_conf.h:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/dird_conf.h:460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[MAX_FOPTS]; /**< Options string */
data/bareos-17.2.7/src/dird/dird_conf.h:501:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MD5[30]; /**< Base 64 representation of MD5 */
data/bareos-17.2.7/src/dird/dird_conf.h:598:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hour[nbytes_for_bits(24 + 1)]; /**< bit set for each hour */
data/bareos-17.2.7/src/dird/dird_conf.h:599:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mday[nbytes_for_bits(31 + 1)]; /**< bit set for each day of month */
data/bareos-17.2.7/src/dird/dird_conf.h:600:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[nbytes_for_bits(12 + 1)]; /**< bit set for each month */
data/bareos-17.2.7/src/dird/dird_conf.h:601:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wday[nbytes_for_bits(7 + 1)]; /**< bit set for each day of the week */
data/bareos-17.2.7/src/dird/dird_conf.h:602:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wom[nbytes_for_bits(5 + 1)]; /**< week of month */
data/bareos-17.2.7/src/dird/dird_conf.h:603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woy[nbytes_for_bits(54 + 1)]; /**< week of year */
data/bareos-17.2.7/src/dird/expand.c:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/bareos-17.2.7/src/dird/expand.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bareos-17.2.7/src/dird/expand.c:388:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, val, p-val);
data/bareos-17.2.7/src/dird/fd_cmds.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH + 100];
data/bareos-17.2.7/src/dird/fd_cmds.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30];
data/bareos-17.2.7/src/dird/fd_cmds.c:313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/fd_cmds.c:423:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newopts[MAX_FOPTS];
data/bareos-17.2.7/src/dird/fd_cmds.c:556:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bareos-17.2.7/src/dird/fd_cmds.c:591:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ffd = fopen(p, "rb")) == NULL) {
data/bareos-17.2.7/src/dird/fd_cmds.c:856:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/fd_cmds.c:881:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/getmsg.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/getmsg.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MsgType[20];
data/bareos-17.2.7/src/dird/getmsg.c:186:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/getmsg.c:269:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/bareos-17.2.7/src/dird/getmsg.c:290:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/inc_conf.c:201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[64];
data/bareos-17.2.7/src/dird/inc_conf.c:277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/dird/inc_conf.c:478:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inc_opts[100];
data/bareos-17.2.7/src/dird/inc_conf.c:786:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(incexe, &res_incexe, sizeof(INCEXE));
data/bareos-17.2.7/src/dird/job.c:674:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/job.c:1047:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/job.c:1360:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5HashSize];
data/bareos-17.2.7/src/dird/job.c:1447:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/job.c:1448:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/jobq.c:702:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50], dt2[50];
data/bareos-17.2.7/src/dird/migrate.c:260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/migrate.c:355:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/migrate.c:411:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bareos-17.2.7/src/dird/migrate.c:444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[maxlen+1];
data/bareos-17.2.7/src/dird/migrate.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/dird/migrate.c:769:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/dird/migrate.c:933:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/migrate.c:1044:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/migrate.c:1294:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/migrate.c:1656:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100], sd_term_msg[100];
data/bareos-17.2.7/src/dird/migrate.c:1657:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[MAX_TIME_LENGTH], edt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/migrate.c:1658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30], elapsed[50];
data/bareos-17.2.7/src/dird/migrate.c:1659:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec6[50], ec7[50], ec8[50];
data/bareos-17.2.7/src/dird/migrate.c:1774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/dird/migrate.c:1790:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_jobid[50], new_jobid[50];
data/bareos-17.2.7/src/dird/msgchan.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/dird/msgchan.c:120:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs = fopen(jcr->RestoreBootstrap, "rb");
data/bareos-17.2.7/src/dird/msgchan.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[100];
data/bareos-17.2.7/src/dird/msgchan.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/dird/msgchan.c:417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[100];
data/bareos-17.2.7/src/dird/msgchan.c:418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_BAREOS.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_BAREOS.c:341:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess.control_acb->job, &ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_NATIVE.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_NATIVE.c:316:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess.control_acb->job, &ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_dma_backup_NDMP_NATIVE.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mediabuf[100];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_common.c:86:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_level[50];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_common.c:293:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/ndmp_dma_backup_common.c:350:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/ndmp_dma_generic.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audit_buffer[256];
data/bareos-17.2.7/src/dird/ndmp_dma_generic.c:611:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess.control_acb->job, ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c:604:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c:699:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess.control_acb->job, &ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:264:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mediabuf[100];
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:319:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess.control_acb->job, &ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_dma_restore_common.c:183:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/ndmp_dma_restore_common.c:232:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), TermCode);
data/bareos-17.2.7/src/dird/ndmp_dma_storage.c:136:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ndmp_sess->control_acb->job, ndmp_job, sizeof(struct ndm_job_param));
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuffer[1];
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:100:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload->namebuffer, raw_name, length + 1);
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:182:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fhdb_state->pay_load, data.mv_data, data.mv_size);
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:188:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&payload->ndmp_fstat, ndmp_fstat, sizeof(ndmp9_file_stat));
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[1]; /* First byte */
data/bareos-17.2.7/src/dird/newvol.c:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[20];
data/bareos-17.2.7/src/dird/newvol.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/newvol.c:144:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%04d", i);
data/bareos-17.2.7/src/dird/next_vol.c:220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/next_vol.c:458:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mr, &smr, sizeof(MEDIA_DBR));
data/bareos-17.2.7/src/dird/restore.c:510:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/restore.c:559:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), TermCode);
data/bareos-17.2.7/src/dird/restore.c:576:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[MAX_TIME_LENGTH], edt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/restore.c:577:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], elapsed[50];
data/bareos-17.2.7/src/dird/restore.c:578:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fd_term_msg[100], sd_term_msg[100];
data/bareos-17.2.7/src/dird/run_conf.c:358:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str) - 1;
data/bareos-17.2.7/src/dird/run_conf.c:379:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str+1);
data/bareos-17.2.7/src/dird/run_conf.c:463:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str); /* Pick up hour */
data/bareos-17.2.7/src/dird/run_conf.c:464:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p); /* Pick up minutes */
data/bareos-17.2.7/src/dird/run_conf.c:525:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str) - 1;
data/bareos-17.2.7/src/dird/run_conf.c:526:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p);
data/bareos-17.2.7/src/dird/run_conf.c:553:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str + 1);
data/bareos-17.2.7/src/dird/run_conf.c:554:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p + 1);
data/bareos-17.2.7/src/dird/run_conf.c:588:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str) - 1;
data/bareos-17.2.7/src/dird/run_conf.c:589:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p) - 1;
data/bareos-17.2.7/src/dird/run_conf.c:611:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(lc->str + 1);
data/bareos-17.2.7/src/dird/run_conf.c:612:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code2 = atoi(p + 1);
data/bareos-17.2.7/src/dird/run_conf.c:736:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nrun, &lrun, sizeof(RUNRES));
data/bareos-17.2.7/src/dird/scheduler.c:505:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:363:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vl->Slot = atoi(field1);
data/bareos-17.2.7/src/dird/sd_cmds.c:387:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!is_an_integer(field1) || (vl->Slot = atoi(field1)) <= 0) {
data/bareos-17.2.7/src/dird/sd_cmds.c:433:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!is_an_integer(field2) || (vl->Slot = atoi(field2)) < 0) {
data/bareos-17.2.7/src/dird/sd_cmds.c:447:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!is_an_integer(field2) || (vl->Slot = atoi(field2)) <= 0) {
data/bareos-17.2.7/src/dird/sd_cmds.c:471:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vl->Loaded = atoi(field4);
data/bareos-17.2.7/src/dird/sd_cmds.c:529:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:563:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:794:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/sd_cmds.c:842:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/socket_server.c:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/socket_server.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/stats.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/testfind.c:115:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/dird/testfind.c:293:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[100] = "";
data/bareos-17.2.7/src/dird/testfind.c:339:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[200];
data/bareos-17.2.7/src/dird/ua.h:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argk[MAX_CMD_ARGS]; /**< Argument keywords */
data/bareos-17.2.7/src/dird/ua.h:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[MAX_CMD_ARGS]; /**< Argument values */
data/bareos-17.2.7/src/dird/ua.h:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_jobid[20];
data/bareos-17.2.7/src/dird/ua_cmds.c:533:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_cmds.c:579:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/dird/ua_cmds.c:896:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_cmds.c:909:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = ((int64_t)atoi(ua->argv[i]) * 1024);
data/bareos-17.2.7/src/dird/ua_cmds.c:977:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/dird/ua_cmds.c:1310:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_cmds.c:1324:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trace_flag = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_cmds.c:1337:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hangup_flag = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_cmds.c:1347:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timestamp_flag = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_cmds.c:1513:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addresses[2048];
data/bareos-17.2.7/src/dird/ua_cmds.c:1804:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50];
data/bareos-17.2.7/src/dird/ua_cmds.c:1842:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_NAME_LENGTH * 2 + 1];
data/bareos-17.2.7/src/dird/ua_cmds.c:2224:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/bareos-17.2.7/src/dird/ua_cmds.c:2270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_cmds.c:2283:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/dird/ua_cmds.c:2329:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bareos-17.2.7/src/dird/ua_cmds.c:2502:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_configure.c:71:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, flags, 0640)) >= 0) {
data/bareos-17.2.7/src/dird/ua_dotcmds.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char en1[30], en2[30];
data/bareos-17.2.7/src/dird/ua_dotcmds.c:613:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_input.c:212:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Enabled = atoi(val);
data/bareos-17.2.7/src/dird/ua_label.c:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_label.c:447:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_label.c:598:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr.Slot = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_output.c:517:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jr->limit = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_output.c:528:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jr->offset = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_output.c:530:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp.bsprintf(" OFFSET %d", atoi(ua->argv[i]));
data/bareos-17.2.7/src/dird/ua_output.c:1005:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
days = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_output.c:1429:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300], num[10];
data/bareos-17.2.7/src/dird/ua_output.c:1523:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2000];
data/bareos-17.2.7/src/dird/ua_prune.c:355:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_prune.c:414:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_prune.c:415:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_prune.c:455:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[MAX_ESCAPE_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_prune.c:505:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_prune.c:683:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_prune.c:912:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_purge.c:142:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[50];
data/bareos-17.2.7/src/dird/ua_purge.c:266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_purge.c:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_purge.c:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_purge.c:424:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_purge.c:638:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_purge.c:767:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[MAX_NAME_LENGTH * 2 + 1];
data/bareos-17.2.7/src/dird/ua_purge.c:795:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drive = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_query.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bareos-17.2.7/src/dird/ua_query.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prompt[9];
data/bareos-17.2.7/src/dird/ua_query.c:65:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=fopen(query_file, "rb")) == NULL) {
data/bareos-17.2.7/src/dird/ua_query.c:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subst[9];
data/bareos-17.2.7/src/dird/ua_restore.c:224:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_restore.c:487:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_restore.c:870:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_restore.c:943:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[5000];
data/bareos-17.2.7/src/dird/ua_restore.c:950:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ffd = fopen(p, "rb")) == NULL) {
data/bareos-17.2.7/src/dird/ua_restore.c:1135:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[500] = "";
data/bareos-17.2.7/src/dird/ua_restore.c:1180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_restore.c:1268:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/dird/ua_restore.c:1323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_restore.c:1324:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_select[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_restore.c:1325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileset_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_run.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_run.c:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_run.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_run.c:212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed2[50];
data/bareos-17.2.7/src/dird/ua_run.c:524:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_run.c:706:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(jcr->RestoreBootstrap, "rb");
data/bareos-17.2.7/src/dird/ua_run.c:1228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/dird/ua_run.c:1230:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_run.c:1903:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rc.Priority = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_run.c:1922:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rc.files = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_select.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/ua_select.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:218:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:272:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:303:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:404:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:461:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:576:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr, &ocr, sizeof(ocr));
data/bareos-17.2.7/src/dird/ua_select.c:648:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:709:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pr, &opr, sizeof(opr));
data/bareos-17.2.7/src/dird/ua_select.c:747:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:808:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sr, &osr, sizeof(osr));
data/bareos-17.2.7/src/dird/ua_select.c:881:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:1162:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_select.c:1277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drivename[10];
data/bareos-17.2.7/src/dird/ua_select.c:1285:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drive = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_select.c:1334:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slot = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_select.c:1343:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slot = atoi(ua->cmd);
data/bareos-17.2.7/src/dird/ua_select.c:1527:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/dird/ua_select.c:1647:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/bareos-17.2.7/src/dird/ua_select.c:1648:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_select.c:1655:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_select.c:1674:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[1000];
data/bareos-17.2.7/src/dird/ua_select.c:1719:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search_argument[20];
data/bareos-17.2.7/src/dird/ua_select.c:1771:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
beg = atoi(p);
data/bareos-17.2.7/src/dird/ua_select.c:1772:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(h);
data/bareos-17.2.7/src/dird/ua_select.c:1783:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
beg = end = atoi(p);
data/bareos-17.2.7/src/dird/ua_select.c:1830:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_type[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_status.c:208:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prmt[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:340:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:341:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35], b4[35], b5[35];
data/bareos-17.2.7/src/dird/ua_status.c:381:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:557:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char schedulename[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:571:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
days = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_status.c:801:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:901:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
days = atoi(ua->argv[i]);
data/bareos-17.2.7/src/dird/ua_status.c:962:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:963:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bareos-17.2.7/src/dird/ua_status.c:1067:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:1186:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[30], b2[30];
data/bareos-17.2.7/src/dird/ua_status.c:1187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bareos-17.2.7/src/dird/ua_status.c:1201:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:1281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/dird/ua_status.c:1304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50];
data/bareos-17.2.7/src/dird/ua_tree.c:466:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/dird/ua_tree.c:561:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/dird/ua_tree.c:593:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/dird/ua_tree.c:740:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[max_level*2+1];
data/bareos-17.2.7/src/dird/ua_tree.c:787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_str[11];
data/bareos-17.2.7/src/dird/ua_tree.c:788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[22];
data/bareos-17.2.7/src/dird/ua_tree.c:789:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/dird/ua_tree.c:790:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char en1[30], en2[30];
data/bareos-17.2.7/src/dird/ua_tree.c:926:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/dird/ua_tree.c:1124:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[150], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:298:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr->Slot = atoi(val);
data/bareos-17.2.7/src/dird/ua_update.c:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:358:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:398:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/dird/ua_update.c:550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/dird/ua_update.c:551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[130];
data/bareos-17.2.7/src/dird/ua_update.c:909:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
since = ((int64_t)atoi(ua->argv[i]) * 24 * 60 * 60);
data/bareos-17.2.7/src/dird/ua_update.c:925:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/dird/ua_update.c:960:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50];
data/bareos-17.2.7/src/dird/unittests/ndmp_fhdb_test.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bareos-17.2.7/src/dird/unittests/ndmp_fhdb_test.c:186:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "node%lu", i);
data/bareos-17.2.7/src/dird/vbackup.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/vbackup.c:365:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30];
data/bareos-17.2.7/src/dird/vbackup.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100];
data/bareos-17.2.7/src/dird/vbackup.c:451:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Inappropriate term code: %c\n"), jcr->JobStatus);
data/bareos-17.2.7/src/dird/verify.c:105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[100];
data/bareos-17.2.7/src/dird/verify.c:483:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50];
data/bareos-17.2.7/src/dird/verify.c:484:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30];
data/bareos-17.2.7/src/dird/verify.c:485:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_code[100], fd_term_msg[100], sd_term_msg[100];
data/bareos-17.2.7/src/dird/verify.c:732:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/filed/accurate.c:210:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/filed/accurate_htable.c:82:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->fname, fname, fname_length);
data/bareos-17.2.7/src/filed/accurate_htable.c:86:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->payload.lstat, lstat, lstat_length);
data/bareos-17.2.7/src/filed/accurate_htable.c:91:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->payload.chksum, chksum, chksum_length);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:173:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload->lstat, lstat, lstat_length);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:178:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload->chksum, chksum, chksum_length);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:285:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, data.mv_data, data.mv_size);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:341:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_payload->lstat, payload->lstat, lstat_length);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_payload->chksum, payload->chksum, chksum_length);
data/bareos-17.2.7/src/filed/authenticate.c:97:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bareos-17.2.7/src/filed/authenticate.c:106:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bareos-17.2.7/src/filed/authenticate.c:118:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bareos-17.2.7/src/filed/backup.c:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES];
data/bareos-17.2.7/src/filed/backup.c:223:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bsctx.ff_pkt->flags, flags, sizeof(flags));
data/bareos-17.2.7/src/filed/backup.c:869:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sd->msg, ff_pkt->digest, ff_pkt->digest_len);
data/bareos-17.2.7/src/filed/backup.c:1051:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bctx->rbuf, pbData, ulLength);
data/bareos-17.2.7/src/filed/backup.c:1063:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bctx->rbuf, pbData + offset, sd->msglen);
data/bareos-17.2.7/src/filed/backup.c:1423:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sd->msg + sd->msglen, ff_pkt->object, comp_len);
data/bareos-17.2.7/src/filed/crypto.c:282:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/filed/dir_cmd.c:448:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char jobname[12] = "*Director*";
data/bareos-17.2.7/src/filed/dir_cmd.c:541:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/filed/dir_cmd.c:642:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/dir_cmd.c:643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/dir_cmd.c:645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[100];
data/bareos-17.2.7/src/filed/dir_cmd.c:791:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addresses[2048];
data/bareos-17.2.7/src/filed/dir_cmd.c:792:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[2048];
data/bareos-17.2.7/src/filed/dir_cmd.c:835:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/dir_cmd.c:887:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/dir_cmd.c:963:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/filed/dir_cmd.c:1310:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(object_content.c_str(), rop.object, rop.object_len);
data/bareos-17.2.7/src/filed/dir_cmd.c:1434:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs = fopen(fname, "a+b"); /* create file */
data/bareos-17.2.7/src/filed/dir_cmd.c:1505:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/filed/dir_cmd.c:1659:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stored_addr[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/dir_cmd.c:2032:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWinDriveLetters[27];
data/bareos-17.2.7/src/filed/dir_cmd.c:2171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[100];
data/bareos-17.2.7/src/filed/estimate.c:111:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attr.statp, &ff_pkt->statp, sizeof(struct stat));
data/bareos-17.2.7/src/filed/fd_plugins.c:139:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char events[nbytes_for_bits(FD_NR_EVENTS + 1)]; /* enabled events bitmask */
data/bareos-17.2.7/src/filed/fd_plugins.c:651:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES];
data/bareos-17.2.7/src/filed/fd_plugins.c:984:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attr.statp, &sp.statp, sizeof(struct stat));
data/bareos-17.2.7/src/filed/fd_plugins.c:1368:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acl_data->u.build->content, ap.content, ap.content_length);
data/bareos-17.2.7/src/filed/fd_plugins.c:2665:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[PATH_MAX];
data/bareos-17.2.7/src/filed/fd_plugins.h:88:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /* Bareos internal flags */
data/bareos-17.2.7/src/filed/filed.c:129:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/filed/filed_conf.c:435:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, &res_all, resources[rindex].size);
data/bareos-17.2.7/src/filed/fileset.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[50];
data/bareos-17.2.7/src/filed/fileset.c:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/filed/fileset.c:149:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ffd = fopen(p, "rb")) == NULL) {
data/bareos-17.2.7/src/filed/fileset.c:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/filed/fileset.c:517:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strip[21];
data/bareos-17.2.7/src/filed/fileset.c:518:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[50];
data/bareos-17.2.7/src/filed/fileset.c:679:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fo->strip_path = atoi(strip);
data/bareos-17.2.7/src/filed/restore.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/filed/restore.c:180:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dds->content, sd->msg, sd->msglen);
data/bareos-17.2.7/src/filed/restore.c:381:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/filed/restore.c:1189:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/filed/restore.c:1261:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/filed/restore.h:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /* Options for extract_data() */
data/bareos-17.2.7/src/filed/restore.h:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fork_flags[FOPTS_BYTES]; /* Options for extract_data() */
data/bareos-17.2.7/src/filed/sd_cmds.c:37:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/sd_cmds.c:52:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/bareos-17.2.7/src/filed/socket_server.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bareos-17.2.7/src/filed/status.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/filed/status.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[32], b2[32], b3[32], b4[32], b5[35];
data/bareos-17.2.7/src/filed/status.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/bareos-17.2.7/src/filed/status.c:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[32], b2[32], b3[32], b4[32];
data/bareos-17.2.7/src/filed/status.c:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[32], b2[32], b3[32], b4[32];
data/bareos-17.2.7/src/filed/status.c:332:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10], dt[MAX_TIME_LENGTH], b1[30], b2[30];
data/bareos-17.2.7/src/filed/status.c:358:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/filed/status.c:444:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bs->msg, msg.c_str(), len+1);
data/bareos-17.2.7/src/filed/verify.c:313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DEFAULT_NETWORK_BUFFER_SIZE];
data/bareos-17.2.7/src/filed/verify.c:396:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md[CRYPTO_DIGEST_MAX_SIZE];
data/bareos-17.2.7/src/filed/verify_vol.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bareos-17.2.7/src/findlib/acl.c:373:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pacl_type_info, acl_type_list.entries + i, sizeof(acl_type_t));
data/bareos-17.2.7/src/findlib/acl.c:2179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acl_text[BUFSIZ];
data/bareos-17.2.7/src/findlib/attribs.c:415:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/findlib/attribs.c:427:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/findlib/bfile.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/findlib/bfile.c:88:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20];
data/bareos-17.2.7/src/findlib/bfile.c:212:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bareos-17.2.7/src/findlib/bfile.c:224:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &v, sizeof(int64_t));
data/bareos-17.2.7/src/findlib/bfile.c:233:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &rv, sizeof(int64_t));
data/bareos-17.2.7/src/findlib/bfile.c:244:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &v, sizeof(int32_t));
data/bareos-17.2.7/src/findlib/bfile.c:253:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBE, &rv, sizeof(int32_t));
data/bareos-17.2.7/src/findlib/bfile.c:325:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)&pContext->header_stream)+dwOffsetTarget, ((char *)pBuffer)+dwOffsetSource, dwHeaderPartLen);
data/bareos-17.2.7/src/findlib/bfile.c:1114:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfd->fid = open(fname, flags & ~O_NOATIME, mode);
data/bareos-17.2.7/src/findlib/enable_priv.c:77:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bareos-17.2.7/src/findlib/enable_priv.c:78:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("AdjustTokenPrivileges set "));
data/bareos-17.2.7/src/findlib/find.c:132:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ff->AccurateOpts, "Cmcs"); /* mtime+ctime+size by default */
data/bareos-17.2.7/src/findlib/find.c:133:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ff->BaseJobOpts, "Jspug5"); /* size+perm+user+group+chk */
data/bareos-17.2.7/src/findlib/find.h:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[FOPTS_BYTES]; /**< Backup options */
data/bareos-17.2.7/src/findlib/find.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[20]; /**< Options for verify */
data/bareos-17.2.7/src/findlib/find.h:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bareos-17.2.7/src/findlib/find.h:121:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bareos-17.2.7/src/findlib/find.h:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /**< Backup options */
data/bareos-17.2.7/src/findlib/find.h:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[MAX_OPTS]; /**< Verify options */
data/bareos-17.2.7/src/findlib/find.h:138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AccurateOpts[MAX_OPTS] ; /**< Accurate mode options */
data/bareos-17.2.7/src/findlib/find.h:139:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BaseJobOpts[MAX_OPTS]; /**< Basejob mode options */
data/bareos-17.2.7/src/findlib/find.h:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fndrinfo[32]; /**< Finder Info */
data/bareos-17.2.7/src/findlib/find.h:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1]; /**< The name */
data/bareos-17.2.7/src/findlib/find.h:235:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerifyOpts[MAX_OPTS];
data/bareos-17.2.7/src/findlib/find.h:236:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AccurateOpts[MAX_OPTS];
data/bareos-17.2.7/src/findlib/find.h:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BaseJobOpts[MAX_OPTS];
data/bareos-17.2.7/src/findlib/find.h:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /**< Backup options */
data/bareos-17.2.7/src/findlib/find_one.c:57:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir_ff_pkt, ff_pkt, sizeof(FF_PKT));
data/bareos-17.2.7/src/findlib/find_one.c:105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bareos-17.2.7/src/findlib/find_one.c:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bareos-17.2.7/src/findlib/find_one.c:774:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(link + len, entry->d_name, name_length);
data/bareos-17.2.7/src/findlib/find_one.c:826:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(link + len, result->d_name, name_length);
data/bareos-17.2.7/src/findlib/find_one.c:916:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[100];
data/bareos-17.2.7/src/findlib/find_one.c:933:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bareos-17.2.7/src/findlib/fstype.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_typename[128];
data/bareos-17.2.7/src/findlib/hardlink.c:84:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key, binary_search_key, sizeof(binary_search_key));
data/bareos-17.2.7/src/findlib/hardlink.c:100:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ff_pkt->linked->digest, digest, len);
data/bareos-17.2.7/src/findlib/match.c:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[50];
data/bareos-17.2.7/src/findlib/mkpath.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_dir[5000];
data/bareos-17.2.7/src/findlib/mkpath.c:167:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[4] = "X:\\";
data/bareos-17.2.7/src/findlib/savecwd.c:49:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = open(".", O_RDONLY);
data/bareos-17.2.7/src/findlib/unittests/drivetype_test.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[1000];
data/bareos-17.2.7/src/findlib/unittests/fstype_test.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bareos-17.2.7/src/findlib/xattr.c:503:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_xattr->name, bp, current_xattr->name_length);
data/bareos-17.2.7/src/findlib/xattr.c:697:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:700:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:726:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[32];
data/bareos-17.2.7/src/findlib/xattr.c:1084:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[2] = {
data/bareos-17.2.7/src/findlib/xattr.c:1088:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[3] = {
data/bareos-17.2.7/src/findlib/xattr.c:1097:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[3] = {
data/bareos-17.2.7/src/findlib/xattr.c:1102:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1109:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1314:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_xattr->name, bp, current_xattr->name_length);
data/bareos-17.2.7/src/findlib/xattr.c:1530:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[4] = {
data/bareos-17.2.7/src/findlib/xattr.c:1536:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1547:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1550:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1561:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1564:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:1582:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_attrname[XATTR_BUFSIZ], current_attrtuple[XATTR_BUFSIZ];
data/bareos-17.2.7/src/findlib/xattr.c:1783:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_xattr->name, current_attrtuple, current_xattr->name_length);
data/bareos-17.2.7/src/findlib/xattr.c:2025:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:2028:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_skiplist[1] = {
data/bareos-17.2.7/src/findlib/xattr.c:2195:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_xattr->value, xattr_value, current_xattr->value_length);
data/bareos-17.2.7/src/findlib/xattr.c:2787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_attrname[PATH_MAX];
data/bareos-17.2.7/src/findlib/xattr.c:2788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_source[PATH_MAX];
data/bareos-17.2.7/src/findlib/xattr.c:2790:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribs[XATTR_BUFSIZ];
data/bareos-17.2.7/src/findlib/xattr.c:2791:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[XATTR_BUFSIZ];
data/bareos-17.2.7/src/findlib/xattr.c:3032:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xattr_data->u.build->content +
data/bareos-17.2.7/src/findlib/xattr.c:3106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_xattr_namespace[PATH_MAX];
data/bareos-17.2.7/src/findlib/xattr.c:3130:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filefd = open(name, O_RDONLY | O_NONBLOCK)) < 0) {
data/bareos-17.2.7/src/findlib/xattr.c:3386:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filefd = open(xattr_data->last_fname, O_RDONLY | O_NONBLOCK)) < 0) {
data/bareos-17.2.7/src/findlib/xattr.c:3430:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(target_attrname, O_RDONLY | O_NONBLOCK)) < 0) {
data/bareos-17.2.7/src/findlib/xattr.c:3755:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX];
data/bareos-17.2.7/src/findlib/xattr.c:3785:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX];
data/bareos-17.2.7/src/include/jcr.h:345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /**< Unique name of this Job */
data/bareos-17.2.7/src/include/jcr.h:455:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FSCreateTime[MAX_TIME_LENGTH]; /**< FileSet CreateTime as returned from DB */
data/bareos-17.2.7/src/include/jcr.h:456:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char since[MAX_TIME_LENGTH]; /**< Since time */
data/bareos-17.2.7/src/include/jcr.h:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevJob[MAX_NAME_LENGTH]; /**< Previous job name assiciated with since time */
data/bareos-17.2.7/src/include/jcr.h:517:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevJob[MAX_NAME_LENGTH]; /**< Previous job name assiciated with since time */
data/bareos-17.2.7/src/include/jcr.h:632:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/address_conf.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bareos-17.2.7/src/lib/address_conf.c:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bareos-17.2.7/src/lib/address_conf.c:272:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bareos-17.2.7/src/lib/address_conf.c:343:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pnum = atol(port_str);
data/bareos-17.2.7/src/lib/address_conf.c:408:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/lib/attr.c:110:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->attrEx, p, object_len);
data/bareos-17.2.7/src/lib/attr.c:246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bareos-17.2.7/src/lib/attr.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/lib/attr.c:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char en1[30], en2[30];
data/bareos-17.2.7/src/lib/attr.c:262:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " %2d ", (uint32_t)attr->statp.st_nlink);
data/bareos-17.2.7/src/lib/attr.c:263:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%-8.8s %-8.8s",
data/bareos-17.2.7/src/lib/attr.c:266:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%12.12s ", edit_int64(attr->statp.st_size, ec1));
data/bareos-17.2.7/src/lib/bits.h:89:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define copy_bits(b, var1, var2) memcpy((var2), (var1), nbytes_for_bits((b)))
data/bareos-17.2.7/src/lib/bmtio.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _reserved_padding[256];
data/bareos-17.2.7/src/lib/bnet.c:572:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/bareos-17.2.7/src/lib/bnet.c:593:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Unknown sig %d"), (int)bs->msglen);
data/bareos-17.2.7/src/lib/bnet_server_tcp.c:141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bareos-17.2.7/src/lib/bnet_server_tcp.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bareos-17.2.7/src/lib/bnet_server_tcp.c:198:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curbuf[256];
data/bareos-17.2.7/src/lib/bpipe.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bargv[MAX_ARGV];
data/bareos-17.2.7/src/lib/breg.c:202:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/lib/bregex.c:138:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *start[NUM_REGISTERS];
data/bareos-17.2.7/src/lib/bregex.c:139:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *end[NUM_REGISTERS];
data/bareos-17.2.7/src/lib/bregex.c:454:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char plain_ops[256];
data/bareos-17.2.7/src/lib/bregex.c:455:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char quoted_ops[256];
data/bareos-17.2.7/src/lib/bregex.c:456:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char precedences[Rnum_ops];
data/bareos-17.2.7/src/lib/bregex.c:465:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char re_syntax_table[256];
data/bareos-17.2.7/src/lib/bregex.c:684:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char small_visited[512], *visited;
data/bareos-17.2.7/src/lib/bregex.c:746:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[256];
data/bareos-17.2.7/src/lib/bregex.h:149:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char re_syntax_table[256];
data/bareos-17.2.7/src/lib/bsnprintf.c:508:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[25];
data/bareos-17.2.7/src/lib/bsnprintf.c:639:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/bareos-17.2.7/src/lib/bsnprintf.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/bareos-17.2.7/src/lib/bsnprintf.c:642:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/bareos-17.2.7/src/lib/bsnprintf.c:643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/bareos-17.2.7/src/lib/bsnprintf.c:645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[10];
data/bareos-17.2.7/src/lib/bsock.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bareos-17.2.7/src/lib/bsock.c:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsock.h:94:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_sctp.c:52:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)clone, (void *)this, sizeof(BSOCK_SCTP));
data/bareos-17.2.7/src/lib/bsock_sctp.c:95:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool BSOCK_SCTP::open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_sctp.h:30:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_tcp.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)clone, (void *)this, sizeof(BSOCK_TCP));
data/bareos-17.2.7/src/lib/bsock_tcp.c:115:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
data/bareos-17.2.7/src/lib/bsock_tcp.c:167:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool BSOCK_TCP::open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_tcp.c:226:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bareos-17.2.7/src/lib/bsock_tcp.c:227:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curbuf[256];
data/bareos-17.2.7/src/lib/bsock_tcp.h:46:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_udt.c:52:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)clone, (void *)this, sizeof(BSOCK_UDT));
data/bareos-17.2.7/src/lib/bsock_udt.c:95:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool BSOCK_UDT::open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsock_udt.h:30:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(JCR *jcr, const char *name, char *host, char *service,
data/bareos-17.2.7/src/lib/bsr.h:45:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsr.h:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsr.h:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH]; /* ***FIXME*** use alist here */
data/bareos-17.2.7/src/lib/bsr.h:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsr.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsr.h:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[MAX_NAME_LENGTH]; /* ***FIXME*** use alist here */
data/bareos-17.2.7/src/lib/bsr.h:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ClientName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsr.h:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/bsys.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/lib/bsys.c:228:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src, dest, len + 1);
data/bareos-17.2.7/src/lib/bsys.c:485:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buf, len);
data/bareos-17.2.7/src/lib/bsys.c:502:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tm, ltm, sizeof(struct tm));
data/bareos-17.2.7/src/lib/bsys.c:524:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry, ndir, sizeof(struct dirent));
data/bareos-17.2.7/src/lib/bsys.c:581:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[20];
data/bareos-17.2.7/src/lib/bsys.c:589:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfd = open(fname, O_RDONLY|O_BINARY, 0)) < 0 ||
data/bareos-17.2.7/src/lib/bsys.c:627:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfd = open(fname, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY, 0640)) >= 0) {
data/bareos-17.2.7/src/lib/bsys.c:628:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(pidbuf, "%d\n", (int)getpid());
data/bareos-17.2.7/src/lib/bsys.c:662:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[14];
data/bareos-17.2.7/src/lib/bsys.c:690:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(fname, O_RDONLY|O_BINARY)) < 0) {
data/bareos-17.2.7/src/lib/bsys.c:747:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(fname, O_CREAT|O_WRONLY|O_BINARY, 0640)) < 0) {
data/bareos-17.2.7/src/lib/bsys.c:1067:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path + path_len, extra, strlen(extra) + 1);
data/bareos-17.2.7/src/lib/bsys.c:1147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[4] = "X:\\";
data/bareos-17.2.7/src/lib/bsys.c:1260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuffer[512];
data/bareos-17.2.7/src/lib/bsys.c:1402:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(function, "()");
data/bareos-17.2.7/src/lib/bsys.c:1476:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(function, "()");
data/bareos-17.2.7/src/lib/btimers.c:133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/btimers.c:164:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/btimers.c:197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/btimers.c:215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/btimers.c:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/compression.c:469:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/lib/compression.c:527:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->compress.inflate_buffer, *data, OFFSET_FADDR_SIZE);
data/bareos-17.2.7/src/lib/compression.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/lib/compression.c:590:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->compress.inflate_buffer, *data, OFFSET_FADDR_SIZE);
data/bareos-17.2.7/src/lib/compression.c:614:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50]; /* Buffer printing huge values */
data/bareos-17.2.7/src/lib/compression.c:679:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->compress.inflate_buffer, *data, OFFSET_FADDR_SIZE);
data/bareos-17.2.7/src/lib/connection_pool.h:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/crypto_cache.c:52:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(cache_file, O_RDONLY|O_BINARY)) < 0) {
data/bareos-17.2.7/src/lib/crypto_cache.c:156:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(cache_file, O_CREAT | O_WRONLY | O_BINARY, 0640)) < 0) {
data/bareos-17.2.7/src/lib/crypto_cache.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt1[MAX_TIME_LENGTH],
data/bareos-17.2.7/src/lib/crypto_cache.h:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[21];
data/bareos-17.2.7/src/lib/crypto_cache.h:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/crypto_cache.h:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EncryptionKey[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/crypto_openssl.c:1551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/lib/crypto_wrap.c:80:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, plain, 8 * n);
data/bareos-17.2.7/src/lib/crypto_wrap.c:102:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, a, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:103:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b + 8, r, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:110:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, b, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:112:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, b + 8, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:148:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, cipher, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:150:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, cipher + 8, 8 * n);
data/bareos-17.2.7/src/lib/crypto_wrap.c:172:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, a, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:175:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b + 8, r, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:182:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, b, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:183:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, b + 8, 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:215:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipher, plain, n * 8);
data/bareos-17.2.7/src/lib/crypto_wrap.c:226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipher, plain, n * 8);
data/bareos-17.2.7/src/lib/daemon.c:116:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDONLY, 0644);
data/bareos-17.2.7/src/lib/dlist.h:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_str[1];
data/bareos-17.2.7/src/lib/edit.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, mbuf[50];
data/bareos-17.2.7/src/lib/edit.c:152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[50];
data/bareos-17.2.7/src/lib/edit.c:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[50];
data/bareos-17.2.7/src/lib/edit.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_str[20];
data/bareos-17.2.7/src/lib/edit.c:292:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[50];
data/bareos-17.2.7/src/lib/edit.c:365:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[200];
data/bareos-17.2.7/src/lib/edit.c:406:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[3];
data/bareos-17.2.7/src/lib/edit.c:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_str[20];
data/bareos-17.2.7/src/lib/edit.c:423:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[50];
data/bareos-17.2.7/src/lib/guid_to_name.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/bareos-17.2.7/src/lib/guid_to_name.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/bareos-17.2.7/src/lib/hmac.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_ipad, key, key_len);
data/bareos-17.2.7/src/lib/hmac.c:75:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_opad, k_ipad, PAD_LEN);
data/bareos-17.2.7/src/lib/htable.c:277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(big, this, sizeof(htable)); /* Start with original class data */
data/bareos-17.2.7/src/lib/htable.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this, big, sizeof(htable)); /* Move everything across */
data/bareos-17.2.7/src/lib/htable.h:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[1]; /* First byte */
data/bareos-17.2.7/src/lib/ini.c:393:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(out_fname, "wb");
data/bareos-17.2.7/src/lib/ini.c:420:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "w");
data/bareos-17.2.7/src/lib/ini.h:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameval[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/ini.h:210:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(items, aitems, (i+1) * size);
data/bareos-17.2.7/src/lib/jcr.c:162:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)je, (char *)&job, sizeof(job));
data/bareos-17.2.7/src/lib/jcr.c:1245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobid[maxlen+1];
data/bareos-17.2.7/src/lib/jcr.c:1299:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], buf1[128], buf2[128], buf3[128], buf4[128];
data/bareos-17.2.7/src/lib/lex.c:205:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lf, of, sizeof(LEX));
data/bareos-17.2.7/src/lib/lex.c:230:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nf, lf, sizeof(LEX));
data/bareos-17.2.7/src/lib/lex.c:336:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(filename_expanded, "rb")) == NULL) {
data/bareos-17.2.7/src/lib/lex.c:344:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(filename, "rb")) == NULL) {
data/bareos-17.2.7/src/lib/lockmgr.c:276:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/lockmgr.c:1086:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/lib/md5.c:227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/bareos-17.2.7/src/lib/md5.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/bareos-17.2.7/src/lib/md5.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/bareos-17.2.7/src/lib/md5.h:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/bareos-17.2.7/src/lib/mem_pool.c:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bareos-17.2.7/src/lib/mem_pool.c:476:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/bareos-17.2.7/src/lib/mem_pool.c:490:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%-6d", pool);
data/bareos-17.2.7/src/lib/mem_pool.c:528:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm+pmlen, str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:538:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm+pmlen, str.c_str(), len);
data/bareos-17.2.7/src/lib/mem_pool.c:551:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str()+pmlen, str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:564:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm->c_str()+pmlen, str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:580:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:589:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, str.c_str(), len);
data/bareos-17.2.7/src/lib/mem_pool.c:601:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str(), str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:613:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm->c_str(), str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:624:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, data, n);
data/bareos-17.2.7/src/lib/mem_pool.c:631:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm, data.c_str(), n);
data/bareos-17.2.7/src/lib/mem_pool.c:638:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm.c_str(), data, n);
data/bareos-17.2.7/src/lib/mem_pool.c:645:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pm->c_str(), data, n);
data/bareos-17.2.7/src/lib/mem_pool.c:703:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem+pmlen, str, len);
data/bareos-17.2.7/src/lib/mem_pool.c:720:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, str, len);
data/bareos-17.2.7/src/lib/message.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_name[128] = {0}; /* daemon name is stored here */
data/bareos-17.2.7/src/lib/message.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[256] = {0}; /* host machine name */
data/bareos-17.2.7/src/lib/message.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char con_fname[500]; /* Console filename */
data/bareos-17.2.7/src/lib/message.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/lib/message.c:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpath[1024];
data/bareos-17.2.7/src/lib/message.c:233:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
exepath = (char *)malloc(strlen(argv[0]) + 1 + len);
data/bareos-17.2.7/src/lib/message.c:290:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDONLY, 0644);
data/bareos-17.2.7/src/lib/message.c:318:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dnew, d, sizeof(DEST));
data/bareos-17.2.7/src/lib/message.c:335:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->jcr_msgs->send_msg, msg->send_msg, sizeof(msg->send_msg));
data/bareos-17.2.7/src/lib/message.c:346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon_msgs->send_msg, msg->send_msg, sizeof(msg->send_msg));
data/bareos-17.2.7/src/lib/message.c:360:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(con_fname, O_CREAT|O_RDWR|O_BINARY, 0600);
data/bareos-17.2.7/src/lib/message.c:370:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
con_fd = fopen(con_fname, "a+b");
data/bareos-17.2.7/src/lib/message.c:740:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->fd = fopen(d->where, mode);
data/bareos-17.2.7/src/lib/message.c:828:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/lib/message.c:850:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/lib/message.c:977:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
con_fd = fopen(con_fname, "a+b");
data/bareos-17.2.7/src/lib/message.c:1077:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->fd = fopen(name, "w+b");
data/bareos-17.2.7/src/lib/message.c:1191:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trace_fd = fopen(fn.c_str(), "a+b");
data/bareos-17.2.7/src/lib/message.c:1222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/message.c:1378:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bareos-17.2.7/src/lib/message.c:1422:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trace_fd = fopen(fn.c_str(), "a+b");
data/bareos-17.2.7/src/lib/message.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_types[NR_MSG_TYPES]; /* Message type mask */
data/bareos-17.2.7/src/lib/message.h:160:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1];
data/bareos-17.2.7/src/lib/mntent_cache.c:256:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(MNT_MNTTAB, "r")) == (FILE *)NULL) {
data/bareos-17.2.7/src/lib/mntent_cache.c:293:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(MNTTAB, "r")) == (FILE *)NULL)
data/bareos-17.2.7/src/lib/ordered_cbuf.c:319:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval, item->data, item->data_size);
data/bareos-17.2.7/src/lib/ordered_cbuf.c:331:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval, item->data, item->data_size);
data/bareos-17.2.7/src/lib/output_formatter.c:383:61: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (api == 0 && wrap > 0 && charsinline >= wrap && open <= 0 && *(p + 1) != '|') {
data/bareos-17.2.7/src/lib/output_formatter.c:395:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (api == 0 && wrap > 0 && open <= 0) {
data/bareos-17.2.7/src/lib/parse_bsr.c:540:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/lib/parse_conf.c:430:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szConfigDir[MAX_PATH + 1] = { 0 };
data/bareos-17.2.7/src/lib/parse_conf.h:193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_present[MAX_RES_ITEMS]; /* Set if item is present in conf file */
data/bareos-17.2.7/src/lib/parse_conf.h:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inherit_content[MAX_RES_ITEMS]; /* Set if item has inherited content */
data/bareos-17.2.7/src/lib/parse_conf.h:355:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send_msg[nbytes_for_bits(M_MAX+1)]; /* Bit array of types */
data/bareos-17.2.7/src/lib/path_list.c:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1];
data/bareos-17.2.7/src/lib/path_list.c:70:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->fname, fname, len + 1);
data/bareos-17.2.7/src/lib/priv.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[1000];
data/bareos-17.2.7/src/lib/res.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/res.c:478:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[CRYPTO_DIGEST_MD5_SIZE];
data/bareos-17.2.7/src/lib/res.c:479:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[100];
data/bareos-17.2.7/src/lib/res.c:485:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&sig[j], "%02x", digest[i]);
data/bareos-17.2.7/src/lib/res.c:838:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bsize[500];
data/bareos-17.2.7/src/lib/res.c:938:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char period[500];
data/bareos-17.2.7/src/lib/res.c:1086:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bareos-17.2.7/src/lib/res.c:1087:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[128];
data/bareos-17.2.7/src/lib/res.c:1088:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname_str[1024];
data/bareos-17.2.7/src/lib/res.c:1195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bareos-17.2.7/src/lib/res.c:1212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/bareos-17.2.7/src/lib/res.c:1639:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(my_config->m_res_all, this, my_config->m_resources[rindex].size);
data/bareos-17.2.7/src/lib/res.c:1885:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bareos-17.2.7/src/lib/runscript.c:72:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(RUNSCRIPT));
data/bareos-17.2.7/src/lib/scan.c:342:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file, f, *fnl); /* copy filename */
data/bareos-17.2.7/src/lib/scan.c:349:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, fname, *pnl);
data/bareos-17.2.7/src/lib/scsi_crypto.c:751:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent_level[17];
data/bareos-17.2.7/src/lib/scsi_lli.c:64:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name, O_RDWR | O_NONBLOCK | O_BINARY);
data/bareos-17.2.7/src/lib/scsi_lli.c:182:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name, O_RDWR | O_NONBLOCK | O_BINARY);
data/bareos-17.2.7/src/lib/scsi_lli.c:277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/bareos-17.2.7/src/lib/scsi_lli.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cam_devicename[64];
data/bareos-17.2.7/src/lib/scsi_lli.c:325:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ccb->csio.cdb_io.cdb_bytes, cdb, cdb_len);
data/bareos-17.2.7/src/lib/scsi_lli.c:344:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sense, &(ccb->csio.sense_data), len);
data/bareos-17.2.7/src/lib/scsi_lli.c:414:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name, O_RDWR | O_NONBLOCK| O_BINARY);
data/bareos-17.2.7/src/lib/scsi_lli.c:427:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req.cmd, cdb, cdb_len);
data/bareos-17.2.7/src/lib/serial.c:46:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &vo, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:85:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(int64_t));
data/bareos-17.2.7/src/lib/serial.c:94:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(int64_t));
data/bareos-17.2.7/src/lib/serial.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(uint64_t));
data/bareos-17.2.7/src/lib/serial.c:114:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(uint64_t));
data/bareos-17.2.7/src/lib/serial.c:125:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(btime_t));
data/bareos-17.2.7/src/lib/serial.c:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(btime_t));
data/bareos-17.2.7/src/lib/serial.c:151:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &v, sizeof(float64_t));
data/bareos-17.2.7/src/lib/serial.c:160:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, &rv, sizeof(float64_t));
data/bareos-17.2.7/src/lib/serial.c:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:207:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vo, *ptr, sizeof vo);
data/bareos-17.2.7/src/lib/serial.c:230:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(uint64_t));
data/bareos-17.2.7/src/lib/serial.c:236:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(uint64_t));
data/bareos-17.2.7/src/lib/serial.c:240:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(uint64_t));
data/bareos-17.2.7/src/lib/serial.c:253:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(btime_t));
data/bareos-17.2.7/src/lib/serial.c:259:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(btime_t));
data/bareos-17.2.7/src/lib/serial.c:263:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(btime_t));
data/bareos-17.2.7/src/lib/serial.c:283:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(float64_t));
data/bareos-17.2.7/src/lib/serial.c:289:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, *ptr, sizeof(float64_t));
data/bareos-17.2.7/src/lib/serial.c:293:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &rv, sizeof(float64_t));
data/bareos-17.2.7/src/lib/serial.h:114:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ser_int128(x) memcpy(ser_ptr, x, sizeof(int128_t)), ser_ptr += sizeof(int128_t)
data/bareos-17.2.7/src/lib/serial.h:117:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ser_bytes(x, len) memcpy(ser_ptr, (x), (len)), ser_ptr += (len)
data/bareos-17.2.7/src/lib/serial.h:154:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define unser_int128(x) memcpy(ser_ptr, x, sizeof(int128_t)), ser_ptr += sizeof(int128_t)
data/bareos-17.2.7/src/lib/serial.h:157:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define unser_bytes(x, len) memcpy((x), ser_ptr, (len)), ser_ptr += (len)
data/bareos-17.2.7/src/lib/sha1.c:64:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/bareos-17.2.7/src/lib/sha1.c:130:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64-j));
data/bareos-17.2.7/src/lib/sha1.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/bareos-17.2.7/src/lib/sha1.h:20:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[SHA1_BLOCK_LENGTH];
data/bareos-17.2.7/src/lib/sha1.h:24:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
data/bareos-17.2.7/src/lib/sha1.h:26:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);
data/bareos-17.2.7/src/lib/signal.c:48:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *sig_names[BA_NSIG + 1];
data/bareos-17.2.7/src/lib/signal.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/lib/signal.c:84:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(buf, "a+") ;
data/bareos-17.2.7/src/lib/signal.c:111:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[512];
data/bareos-17.2.7/src/lib/signal.c:160:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[5];
data/bareos-17.2.7/src/lib/signal.c:161:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pid_buf[20];
data/bareos-17.2.7/src/lib/signal.c:162:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char btpath[400];
data/bareos-17.2.7/src/lib/signal.c:163:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/bareos-17.2.7/src/lib/signal.c:189:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)working_directory, "/tmp/");
data/bareos-17.2.7/src/lib/signal.c:194:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)working_directory, "/tmp/");
data/bareos-17.2.7/src/lib/signal.c:205:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pid_buf, "%d", (int)main_pid);
data/bareos-17.2.7/src/lib/signal.c:261:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(buf, "r");
data/bareos-17.2.7/src/lib/smartall.c:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bareos-17.2.7/src/lib/smartall.c:227:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *)cp)[head->ablen - 1] != ((((intptr_t) cp) & 0xFF) ^ 0xC5)) {
data/bareos-17.2.7/src/lib/smartall.c:334:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ptr, (int)sm_min(size, osize));
data/bareos-17.2.7/src/lib/smartall.c:408:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[500];
data/bareos-17.2.7/src/lib/smartall.c:416:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bareos-17.2.7/src/lib/smartall.c:469:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *) ap)[((struct abufhead *)ap)->ablen - 1] !=
data/bareos-17.2.7/src/lib/smartall.c:501:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[80];
data/bareos-17.2.7/src/lib/smartall.c:518:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg + strlen(errmsg), " %02X",
data/bareos-17.2.7/src/lib/smartall.c:521:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg + strlen(errmsg), " %c ",
data/bareos-17.2.7/src/lib/tcpd.h:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
data/bareos-17.2.7/src/lib/tcpd.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
data/bareos-17.2.7/src/lib/tcpd.h:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[STRING_LENGTH]; /* access via eval_user(request) */
data/bareos-17.2.7/src/lib/tcpd.h:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
data/bareos-17.2.7/src/lib/tcpd.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid[10]; /* access via eval_pid(request) */
data/bareos-17.2.7/src/lib/tls_gnutls.c:73:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(dhfile, "r")) == (FILE *)NULL) {
data/bareos-17.2.7/src/lib/tls_gnutls.c:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cannonicalname[256];
data/bareos-17.2.7/src/lib/tls_openssl.c:346:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer[256];
data/bareos-17.2.7/src/lib/tls_openssl.c:347:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject[256];
data/bareos-17.2.7/src/lib/tls_openssl.c:614:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/bareos-17.2.7/src/lib/tree.h:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[1]; /* first byte */
data/bareos-17.2.7/src/lib/unittests/alist_test.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/alist_test.c:60:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", start+i);
data/bareos-17.2.7/src/lib/unittests/alist_test.c:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/alist_test.c:84:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/alist_test.c:90:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/alist_test.c:95:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/alist_test.c:113:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert_int_equal(i, atoi((char *)fileset->mylist[i]));
data/bareos-17.2.7/src/lib/unittests/base64_test.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[500];
data/bareos-17.2.7/src/lib/unittests/base64_test.c:150:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/lib/unittests/base64_test.c:151:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[100];
data/bareos-17.2.7/src/lib/unittests/base64_test.c:168:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(junk, "This is a sample string");
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[LONG_STRING];
data/bareos-17.2.7/src/lib/unittests/bsnprintf_test.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[LONG_STRING];
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:81:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:97:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", start + i);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:190:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:200:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert_int_equal(atoi(next_jcr->buf), 9);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:209:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert_int_equal(index, atoi(jcr->buf));
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:222:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:232:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert_int_equal(11, atoi(next_jcr->buf));
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:241:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert_int_equal(index, atoi(jcr->buf));
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:252:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:276:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZZZZZZZZZZZZZZ");
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:302:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bareos-17.2.7/src/lib/unittests/edit_test.c:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/lib/unittests/edit_test.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outval[100];
data/bareos-17.2.7/src/lib/unittests/htable_test.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkey[30];
data/bareos-17.2.7/src/lib/unittests/htable_test.c:76:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(mkey, "%d", i) + 1;
data/bareos-17.2.7/src/lib/unittests/htable_test.c:80:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jcr->key, mkey, len);
data/bareos-17.2.7/src/lib/unittests/ini_test.c:85:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("test.cfg", "w")) == NULL) {
data/bareos-17.2.7/src/lib/unittests/ini_test.c:147:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("test2.cfg", "w")) == NULL) {
data/bareos-17.2.7/src/lib/unittests/rblist_test.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/lib/unittests/rblist_test.c:69:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ZZZ");
data/bareos-17.2.7/src/lib/unittests/scan_test.c:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char assertbuf[500];
data/bareos-17.2.7/src/lib/unittests/scan_test.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/lib/unittests/scan_test.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[200];
data/bareos-17.2.7/src/lib/unittests/scan_test.c:87:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatStatus[20]; /* Volume status */
data/bareos-17.2.7/src/lib/unittests/scan_test.c:88:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatName[MAX_NAME_LENGTH]; /* Desired volume to mount */
data/bareos-17.2.7/src/lib/unittests/scan_test.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[100];
data/bareos-17.2.7/src/lib/unittests/scan_test.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[100];
data/bareos-17.2.7/src/lib/unittests/scan_test.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unwanted_volumes[100];
data/bareos-17.2.7/src/lib/unittests/tree_test.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/bareos-17.2.7/src/lib/unittests/tree_test.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathbuf[MAXPATHLEN];
data/bareos-17.2.7/src/lib/unittests/tree_test.c:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAXPATHLEN];
data/bareos-17.2.7/src/lib/unittests/tree_test.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/bareos-17.2.7/src/lib/util.c:263:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(buf, "%04d-%02d-%02d %02d:%02d:%02d",
data/bareos-17.2.7/src/lib/util.c:288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/lib/util.c:712:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5key[16], md5key1[16];
data/bareos-17.2.7/src/lib/util.c:713:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/bareos-17.2.7/src/lib/util.c:855:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/lib/util.c:856:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[50];
data/bareos-17.2.7/src/lib/util.c:857:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/lib/var.c:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char char_class_t[256]; /* 256 == 2 ^ sizeof(unsigned char)*8 */
data/bareos-17.2.7/src/lib/var.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[((sizeof(int)*8)/3)+10];
data/bareos-17.2.7/src/lib/var.c:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->bufptr, buffer, bufsize);
data/bareos-17.2.7/src/lib/var.c:241:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upper, lower, sizeof(var_parse_t));
data/bareos-17.2.7/src/lib/var.c:326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, len);
data/bareos-17.2.7/src/lib/var.c:362:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, output->begin, output->end - output->begin);
data/bareos-17.2.7/src/lib/var.c:385:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)output->end, data, len);
data/bareos-17.2.7/src/lib/var.c:1392:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[((sizeof(int)*8)/3)+10]; /* sufficient size: <#bits> x log_10(2) + safety */
data/bareos-17.2.7/src/lib/var.c:1393:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)(data->end - data->begin));
data/bareos-17.2.7/src/lib/var.c:1854:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/bareos-17.2.7/src/lib/var.c:2729:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
str = (char *)var_errors[rc];
data/bareos-17.2.7/src/lmdb/mdb.c:666:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define DKBUF char kbuf[DKBUF_MAXKEYSIZE*2+1]
data/bareos-17.2.7/src/lmdb/mdb.c:787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[(sizeof(MDB_rxbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/bareos-17.2.7/src/lmdb/mdb.c:812:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtb_rmname[MNAME_LEN];
data/bareos-17.2.7/src/lmdb/mdb.c:848:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[(sizeof(MDB_txbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/bareos-17.2.7/src/lmdb/mdb.c:852:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mt2_wmname[MNAME_LEN];
data/bareos-17.2.7/src/lmdb/mdb.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[(MNAME_LEN+CACHELINE-1) & ~(CACHELINE-1)];
data/bareos-17.2.7/src/lmdb/mdb.c:1003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mn_data[1]; /**< key and data are appended here */
data/bareos-17.2.7/src/lmdb/mdb.c:1153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_pad[PAGEHDRSZ];
data/bareos-17.2.7/src/lmdb/mdb.c:1606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSGSIZE+PADSIZE], *ptr = buf;
data/bareos-17.2.7/src/lmdb/mdb.c:1660:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/bareos-17.2.7/src/lmdb/mdb.c:1661:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.100s:%d: Assertion '%.200s' failed in %.40s()",
data/bareos-17.2.7/src/lmdb/mdb.c:1705:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf(ptr, "%02x", *c++);
data/bareos-17.2.7/src/lmdb/mdb.c:1707:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*s", key->mv_size, key->mv_data);
data/bareos-17.2.7/src/lmdb/mdb.c:1715:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *const tp[2][2] = {{"", ": DB"}, {": sub-page", ": sub-DB"}};
data/bareos-17.2.7/src/lmdb/mdb.c:2522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, (lower + PAGEBASE + (Align-1)) & -Align);
data/bareos-17.2.7/src/lmdb/mdb.c:2523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((pgno_t *)((char *)dst+upper), (pgno_t *)((char *)src+upper),
data/bareos-17.2.7/src/lmdb/mdb.c:2526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, psize - unused);
data/bareos-17.2.7/src/lmdb/mdb.c:2566:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, mp, num * env->me_psize);
data/bareos-17.2.7/src/lmdb/mdb.c:2973:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txn->mt_dbiseqs, env->me_dbiseqs, env->me_maxdbs * sizeof(unsigned int));
data/bareos-17.2.7/src/lmdb/mdb.c:2977:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txn->mt_dbs, meta->mm_dbs, CORE_DBS * sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:3103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txn->mt_dbs, parent->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:3114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(env->me_pghead, ntxn->mnt_pgstate.mf_pghead, size);
data/bareos-17.2.7/src/lmdb/mdb.c:3401:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.mv_data, free_pgs, data.mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:3720:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parent->mt_dbs, txn->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:4435:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(uts.release+7);
data/bareos-17.2.7/src/lmdb/mdb.c:4439:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(uts.release+7);
data/bareos-17.2.7/src/lmdb/mdb.c:4444:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(uts.release+2);
data/bareos-17.2.7/src/lmdb/mdb.c:4448:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(uts.release+4);
data/bareos-17.2.7/src/lmdb/mdb.c:4452:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(uts.release+4);
data/bareos-17.2.7/src/lmdb/mdb.c:4847:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
env->me_lfd = open(lpath, O_RDWR|O_CREAT|MDB_CLOEXEC, mode);
data/bareos-17.2.7/src/lmdb/mdb.c:4927:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encbuf[11];
data/bareos-17.2.7/src/lmdb/mdb.c:4958:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encbuf[11];
data/bareos-17.2.7/src/lmdb/mdb.c:5214:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
env->me_fd = open(dpath, oflags, mode);
data/bareos-17.2.7/src/lmdb/mdb.c:5245:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
env->me_mfd = open(dpath, oflags | MDB_DSYNC, mode);
data/bareos-17.2.7/src/lmdb/mdb.c:5778:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (MDB_page *)((char *)tl[x].mptr + rem * env->me_psize);
data/bareos-17.2.7/src/lmdb/mdb.c:6186:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&flags, ((char *) data.mv_data + offsetof(MDB_db, md_flags)),
data/bareos-17.2.7/src/lmdb/mdb.c:6193:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mc->mc_db, data.mv_data, sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:7280:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key->mv_data, ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:7339:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
dkey.mv_data = memcpy(fp+1, olddata.mv_data, olddata.mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7420:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(METADATA(mp), METADATA(fp), NUMKEYS(fp) * fp->mp_pad);
data/bareos-17.2.7/src/lmdb/mdb.c:7422:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)mp + mp->mp_upper + PAGEBASE, (char *)fp + fp->mp_upper + PAGEBASE,
data/bareos-17.2.7/src/lmdb/mdb.c:7489:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((size_t *)((char *)np + off),
data/bareos-17.2.7/src/lmdb/mdb.c:7493:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, omp, sz); /* Copy beginning of page */
data/bareos-17.2.7/src/lmdb/mdb.c:7500:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(METADATA(omp), data->mv_data, data->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(olddata.mv_data, data->mv_data, data->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7516:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEKEY(leaf), key->mv_data, key->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7622:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:7644:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
data[0].mv_data = (char *)data[0].mv_data + data[0].mv_size;
data/bareos-17.2.7/src/lmdb/mdb.c:7704:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:7896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key->mv_data, ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:7956:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7962:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndata, data->mv_data, sizeof(pgno_t));
data/bareos-17.2.7/src/lmdb/mdb.c:7966:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndata, data->mv_data, data->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:7968:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndata, &ofp->mp_pgno, sizeof(pgno_t));
data/bareos-17.2.7/src/lmdb/mdb.c:7973:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndata, data->mv_data, data->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:8134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mx->mx_db, NODEDATA(node), sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:8365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf2[DKBUF_MAXKEYSIZE*2+1];
data/bareos-17.2.7/src/lmdb/mdb.c:8411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/bareos-17.2.7/src/lmdb/mdb.c:9289:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp->mp_ptrs, split, rsize);
data/bareos-17.2.7/src/lmdb/mdb.c:9292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ins, newkey->mv_data, ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:9297:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp->mp_ptrs, split, x * ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:9299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ins, newkey->mv_data, ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:9300:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ins+ksize, split + x * ksize, rsize - x * ksize);
data/bareos-17.2.7/src/lmdb/mdb.c:9496:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEPTR(mp, nkeys-1), NODEPTR(copy, nkeys-1),
data/bareos-17.2.7/src/lmdb/mdb.c:9637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mc_wbuf[2];
data/bareos-17.2.7/src/lmdb/mdb.c:9638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mc_over[2];
data/bareos-17.2.7/src/lmdb/mdb.c:9795:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEDATA(ni), &my->mc_next_pgno, sizeof(pgno_t));
data/bareos-17.2.7/src/lmdb/mdb.c:9806:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mo, omp, my->mc_env->me_psize);
data/bareos-17.2.7/src/lmdb/mdb.c:9835:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODEDATA(ni), &db, sizeof(db));
data/bareos-17.2.7/src/lmdb/mdb.c:10168:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newfd = open(lpath, O_WRONLY|O_CREAT|O_EXCL, 0666);
data/bareos-17.2.7/src/lmdb/mdb.c:10454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&txn->mt_dbs[slot], data.mv_data, sizeof(MDB_db));
data/bareos-17.2.7/src/lmdb/mdb.c:10712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/bareos-17.2.7/src/lmdb/mdb.c:10905:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
need = MultiByteToWideChar(CP_UTF8, 0, src, srcsize, NULL, 0);
data/bareos-17.2.7/src/lmdb/mdb.c:10913:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, src, srcsize, result, need);
data/bareos-17.2.7/src/lmdb/midl.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ids[ids[0]+1], &app[1], app[0] * sizeof(MDB_ID));
data/bareos-17.2.7/src/lmdb/midl.h:71:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MDB_IDL_CPY( dst, src ) (memcpy( dst, src, MDB_IDL_SIZEOF( src ) ))
data/bareos-17.2.7/src/ndmp/md5.h:65:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/bareos-17.2.7/src/ndmp/md5c.c:55:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/bareos-17.2.7/src/ndmp/md5c.c:157:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16]; /* message digest */
data/bareos-17.2.7/src/ndmp/md5c.c:160:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/bareos-17.2.7/src/ndmp/md5c.c:186:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/bareos-17.2.7/src/ndmp/md5c.c:331:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)output)[i] = (char)value;
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:804:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&reply->config_info, sess->config_info, sizeof(ndmp9_config_info));
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:1948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2080:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:2986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32];
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:3022:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32];
data/bareos-17.2.7/src/ndmp/ndma_comm_job.c:184:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbuf,
data/bareos-17.2.7/src/ndmp/ndma_comm_job.c:196:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbuf,
data/bareos-17.2.7/src/ndmp/ndma_comm_job.c:212:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbuf,
data/bareos-17.2.7/src/ndmp/ndma_comm_job.c:225:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbuf,
data/bareos-17.2.7/src/ndmp/ndma_comm_session.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sess->control_acb->job, job, sizeof(struct ndm_job_param ));
data/bareos-17.2.7/src/ndmp/ndma_comm_session.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_session.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_session.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[100];
data/bareos-17.2.7/src/ndmp/ndma_comm_session.c:391:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/bareos-17.2.7/src/ndmp/ndma_cops_backreco.c:169:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char estb_buf[64];
data/bareos-17.2.7/src/ndmp/ndma_cops_labels.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labbuf[NDMMEDIA_LABEL_MAX];
data/bareos-17.2.7/src/ndmp/ndma_cops_labels.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/bareos-17.2.7/src/ndmp/ndma_cops_query.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndma_cops_query.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndma_cops_robot.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[60];
data/bareos-17.2.7/src/ndmp/ndma_cops_robot.c:387:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(prefix), ", src @%d",
data/bareos-17.2.7/src/ndmp/ndma_ctrl_calls.c:120:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.ndmp9_addr_u.tcp_addr.port = atoi(port);
data/bareos-17.2.7/src/ndmp/ndma_ctrl_calls.c:465:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (reply->data_in.data_in_val,
data/bareos-17.2.7/src/ndmp/ndma_ctrl_calls.c:489:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (reply->data_in.data_in_val, buf, *read_count);
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:53:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sess->nmc, callbacks, sizeof(struct ndmca_media_callbacks));
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tape_read_buf[512];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mylabbuf[NDMMEDIA_LABEL_MAX];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_media.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[60];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(prefix), ", src @%d",
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[111];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnbuf[30];
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:388:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (lnbuf, " ");
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:393:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "PP-ERROR");
data/bareos-17.2.7/src/ndmp/ndma_ctrl_robot.c:418:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "PP-ERROR");
data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c:343:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "???");
data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c:357:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "reason != NA");
data/bareos-17.2.7/src/ndmp/ndma_ctst_data.c:366:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "bogus state");
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:516:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "???");
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:530:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "reason(s) != NA");
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:537:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "halt_reason != NA");
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:544:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "pause_reason != NA");
data/bareos-17.2.7/src/ndmp/ndma_ctst_mover.c:550:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (errbuf, "bogus state");
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:215:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:309:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:331:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_name_buf[512];
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:350:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char warn_msg_buf[512];
data/bareos-17.2.7/src/ndmp/ndma_ctst_subr.c:361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fail_msg_buf[512];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:729:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:791:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*1024];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:1147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:1214:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (reply->data_in.data_in_val,
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:1231:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (reply->data_in.data_in_val,
data/bareos-17.2.7/src/ndmp/ndma_ctst_tape.c:1248:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (reply->data_in.data_in_val,
data/bareos-17.2.7/src/ndmp/ndma_data.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/ndmp/ndma_data.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bareos-17.2.7/src/ndmp/ndma_data.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[NDMDA_MAX_CMD];
data/bareos-17.2.7/src/ndmp/ndma_data.c:181:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cmd, "wrap_");
data/bareos-17.2.7/src/ndmp/ndma_data.c:185:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[40];
data/bareos-17.2.7/src/ndmp/ndma_data.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[NDMDA_MAX_CMD];
data/bareos-17.2.7/src/ndmp/ndma_data.c:216:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cmd, "wrap_");
data/bareos-17.2.7/src/ndmp/ndma_data.c:220:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[40];
data/bareos-17.2.7/src/ndmp/ndma_data.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[NDMDA_MAX_CMD];
data/bareos-17.2.7/src/ndmp/ndma_data.c:252:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cmd, "wrap_");
data/bareos-17.2.7/src/ndmp/ndma_data.c:574:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&from_chan->data[from_chan->beg_ix],
data/bareos-17.2.7/src/ndmp/ndma_data.c:753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bareos-17.2.7/src/ndmp/ndma_data_pfe.c:56:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open ("/dev/null", 2);
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:486:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "unknown addr_type");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:493:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "OK");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:550:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "unknown addr_type");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:557:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "OK");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:597:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "TCP listen() failed");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:614:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "OK");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:651:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "TCP connect() failed");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:808:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "unknown chan_mode");
data/bareos-17.2.7/src/ndmp/ndma_image_stream.c:815:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason_end, "OK");
data/bareos-17.2.7/src/ndmp/ndma_listmgmt.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&envtab->enumerate[i], &entry->pval, sizeof(ndmp9_pval));
data/bareos-17.2.7/src/ndmp/ndma_listmgmt.c:211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nlist->enumerate[i], &entry->name, sizeof(ndmp9_name));
data/bareos-17.2.7/src/ndmp/ndma_listmgmt.c:376:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (me, to_clone, sizeof(struct ndmmedia));
data/bareos-17.2.7/src/ndmp/ndma_noti_calls.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bareos-17.2.7/src/ndmp/ndma_robot_simulator.c:63:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sess->nrsc, callbacks, sizeof(struct ndm_robot_simulator_callbacks));
data/bareos-17.2.7/src/ndmp/ndma_tape.c:651:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (data, ch->data + ch->end_ix, n_read);
data/bareos-17.2.7/src/ndmp/ndma_tape_simulator.c:54:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sess->ntsc, callbacks, sizeof(struct ndm_tape_simulator_callbacks));
data/bareos-17.2.7/src/ndmp/ndmagents.h:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bu_type[32];
data/bareos-17.2.7/src/ndmp/ndmagents.h:1125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_challenge[64]; /* CONNECT_AUTH MD5 */
data/bareos-17.2.7/src/ndmp/ndmagents.h:1253:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*validate_md5)(struct ndm_session *sess, char *name, char digest[16]);
data/bareos-17.2.7/src/ndmp/ndmagents.h:1253:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*validate_md5)(struct ndm_session *sess, char *name, char digest[16]);
data/bareos-17.2.7/src/ndmp/ndmagents.h:1263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, char digest[16]);
data/bareos-17.2.7/src/ndmp/ndmagents.h:1263:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, char digest[16]);
data/bareos-17.2.7/src/ndmp/ndmjob.h:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char * e_exclude_pattern[MAX_EXCLUDE_PATTERN];
data/bareos-17.2.7/src/ndmp/ndmjob.h:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char * file_arg[MAX_FILE_ARG];
data/bareos-17.2.7/src/ndmp/ndmjob.h:121:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char * file_arg_new[MAX_FILE_ARG];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[100];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * av[1000];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:274:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
d_debug = atoi(optarg);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:457:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:473:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(o_load_files_file, "r");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:624:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_from_addr = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:628:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_to_addr = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:639:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_time_limit = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:645:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_use_eject = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:648:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_tape_addr = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:650:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_from_addr = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:652:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_to_addr = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:654:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_tape_timeout = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:656:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_robot_timeout = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_agent[1025];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:681:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:700:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_tape_limit = atoi(value);
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:745:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:747:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[5];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:751:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vbuf, " NDMPv2");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:754:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vbuf, " NDMPv3");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:757:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vbuf, " NDMPv4");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:762:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (abuf, " CONTROL");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:765:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (abuf, " DATA");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:768:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (abuf, " TAPE");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:771:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (abuf, " ROBOT");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char env_name[50];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:953:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (argfile, "r");
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * tmp_av[100];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[8];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statbuf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:52:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (prefix, "DHf");
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[8];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:71:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (prefix, "DHd");
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[8];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statbuf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:89:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (prefix, "DHn");
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[8];
data/bareos-17.2.7/src/ndmp/ndmjob_fhdb.c:105:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (prefix, "DHr");
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:412:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(J_index_file, "r");
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:46:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(I_index_file) != 0) {
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:48:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ifp = fdopen(atoi(I_index_file), "w");
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:51:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifp = fopen (I_index_file, "w");
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:69:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(I_index_file) == 0) {
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagbuf[32];
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/bareos-17.2.7/src/ndmp/ndmjob_main_util.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bareos-17.2.7/src/ndmp/ndmjob_rules.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[100];
data/bareos-17.2.7/src/ndmp/ndmjob_rules.c:53:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (reason, "(no reason given)");
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockfile_name[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:210:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(lockfile_name, O_CREAT|O_EXCL, 0666)) < 0) {
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockfile_name[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos_symlink_name[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos_buf[32];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:257:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (drive_name, omode);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos_symlink_name[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos_buf[32];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:748:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (drive_name, omode);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvoltag[32];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char avoltag[32];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1037:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1043:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY, 0666);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1067:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0666);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1082:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_filename[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1084:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_filename[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1087:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1157:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(dest_filename, O_CREAT | O_WRONLY, 0666);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1630:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ndmjob_validate_md5 (struct ndm_session *sess, char *name, char digest[16])
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1630:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ndmjob_validate_md5 (struct ndm_session *sess, char *name, char digest[16])
data/bareos-17.2.7/src/ndmp/ndml_agent.c:104:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
agent->port = atoi(port);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:177:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (agent->host, "(resident)");
data/bareos-17.2.7/src/ndmp/ndml_agent.c:209:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&addr, &sin->sin_addr, 4);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:214:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (he->h_addr, &sin->sin_addr, 4);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:238:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&addr, &sin->sin_addr, 4);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:251:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&(((struct sockaddr_in *)ai->ai_addr)->sin_addr), &sin->sin_addr, 4);
data/bareos-17.2.7/src/ndmp/ndml_bstf.c:419:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (av[i], "r");
data/bareos-17.2.7/src/ndmp/ndml_bstf.c:426:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndml_chan.c:357:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&ch->data[ch->beg_ix], ch->data, len);
data/bareos-17.2.7/src/ndmp/ndml_chan.c:511:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (bp, "ready=%d avail=%d ",
data/bareos-17.2.7/src/ndmp/ndml_chan.c:516:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ch->ready) strcat (bp, "-rdy");
data/bareos-17.2.7/src/ndmp/ndml_chan.c:517:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ch->check) strcat (bp, "-chk");
data/bareos-17.2.7/src/ndmp/ndml_chan.c:518:15: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ch->eof) strcat (bp, "-eof");
data/bareos-17.2.7/src/ndmp/ndml_chan.c:519:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ch->error) strcat (bp, "-err");
data/bareos-17.2.7/src/ndmp/ndml_config.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CFG_BUF_SIZE];
data/bareos-17.2.7/src/ndmp/ndml_config.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * sv[CFG_MAX_SV];
data/bareos-17.2.7/src/ndmp/ndml_config.c:72:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (filename, "r");
data/bareos-17.2.7/src/ndmp/ndml_conn.c:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[NDMP_MD5_CHALLENGE_LENGTH];
data/bareos-17.2.7/src/ndmp/ndml_conn.c:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[NDMP_MD5_DIGEST_LENGTH];
data/bareos-17.2.7/src/ndmp/ndml_conn.c:1057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[16*3+3];
data/bareos-17.2.7/src/ndmp/ndml_conn.c:1065:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " %02x", b);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:50:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ixlog->nfc, callbacks, sizeof(struct ndm_fhdb_callbacks));
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[2048];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char component[256+128];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256+128];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[2048];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:252:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (p, " UNIX ");
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[2048];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[2048];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[2048];
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:331:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (p, " UNIX ");
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:374:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " m%04lo", fstat->mode.value & 07777);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " u%ld", fstat->uid.value);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:384:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " g%ld", fstat->gid.value);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:391:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " s%llu", fstat->size.value);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:402:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " tm%lu", fstat->mtime.value);
data/bareos-17.2.7/src/ndmp/ndml_fhdb.c:407:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, " @%lld", fstat->fh_info.value);
data/bareos-17.2.7/src/ndmp/ndml_log.c:47:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40];
data/bareos-17.2.7/src/ndmp/ndml_log.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/bareos-17.2.7/src/ndmp/ndml_log.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/bareos-17.2.7/src/ndmp/ndml_md5.c:72:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ndmmd5_generate_challenge (char challenge[NDMP_MD5_CHALLENGE_LENGTH])
data/bareos-17.2.7/src/ndmp/ndml_md5.c:87:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ndmmd5_ok_digest (char challenge[NDMP_MD5_CHALLENGE_LENGTH],
data/bareos-17.2.7/src/ndmp/ndml_md5.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *clear_text_password,
data/bareos-17.2.7/src/ndmp/ndml_md5.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[NDMP_MD5_DIGEST_LENGTH])
data/bareos-17.2.7/src/ndmp/ndml_md5.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_digest[16];
data/bareos-17.2.7/src/ndmp/ndml_md5.c:105:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ndmmd5_digest (char challenge[NDMP_MD5_CHALLENGE_LENGTH],
data/bareos-17.2.7/src/ndmp/ndml_md5.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *clear_text_password,
data/bareos-17.2.7/src/ndmp/ndml_md5.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[NDMP_MD5_DIGEST_LENGTH])
data/bareos-17.2.7/src/ndmp/ndml_md5.c:111:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[128];
data/bareos-17.2.7/src/ndmp/ndml_media.c:137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "+%d", me->file_mark_offset);
data/bareos-17.2.7/src/ndmp/ndml_media.c:143:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "/0");
data/bareos-17.2.7/src/ndmp/ndml_media.c:145:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "/%lldG", me->n_bytes/(1024*1024*1024));
data/bareos-17.2.7/src/ndmp/ndml_media.c:147:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "/%lldM", me->n_bytes/(1024*1024));
data/bareos-17.2.7/src/ndmp/ndml_media.c:149:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "/%lldK", me->n_bytes/(1024));
data/bareos-17.2.7/src/ndmp/ndml_media.c:151:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "/%lld", me->n_bytes);
data/bareos-17.2.7/src/ndmp/ndml_media.c:156:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (q, "@%d", me->slot_addr);
data/bareos-17.2.7/src/ndmp/ndml_media.c:214:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID>>");
data/bareos-17.2.7/src/ndmp/ndml_nmb.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/bareos-17.2.7/src/ndmp/ndml_nmb.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char combo[3];
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * argv[100];
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:184:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (av[1], "r");
data/bareos-17.2.7/src/ndmp/ndmlib.h:251:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frag_hdr_buf[4]; /* see ndmconn_readit() */
data/bareos-17.2.7/src/ndmp/ndmlib.h:481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NDMAGENT_HOST_MAX+1]; /* name */
data/bareos-17.2.7/src/ndmp/ndmlib.h:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char account[NDMAGENT_ACCOUNT_MAX+1]; /* clear text */
data/bareos-17.2.7/src/ndmp/ndmlib.h:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[NDMAGENT_PASSWORD_MAX+1]; /* clear text */
data/bareos-17.2.7/src/ndmp/ndmlib.h:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[NDMOS_CONST_PATH_MAX];
data/bareos-17.2.7/src/ndmp/ndmlib.h:518:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/bareos-17.2.7/src/ndmp/ndmlib.h:526:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense_data[NDMSCSI_MAX_SENSE_DATA];
data/bareos-17.2.7/src/ndmp/ndmlib.h:591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[NDMMEDIA_LABEL_MAX+1];
data/bareos-17.2.7/src/ndmp/ndmlib.h:698:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int ndmmd5_digest (char challenge[NDMP_MD5_CHALLENGE_LENGTH],
data/bareos-17.2.7/src/ndmp/ndmlib.h:699:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *clear_text_password,
data/bareos-17.2.7/src/ndmp/ndmlib.h:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[NDMP_MD5_DIGEST_LENGTH]);
data/bareos-17.2.7/src/ndmp/ndmlib.h:702:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[NDMP_MD5_CHALLENGE_LENGTH]);
data/bareos-17.2.7/src/ndmp/ndmlib.h:704:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int ndmmd5_ok_digest (char challenge[NDMP_MD5_CHALLENGE_LENGTH],
data/bareos-17.2.7/src/ndmp/ndmlib.h:705:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *clear_text_password,
data/bareos-17.2.7/src/ndmp/ndmlib.h:706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[NDMP_MD5_DIGEST_LENGTH]);
data/bareos-17.2.7/src/ndmp/ndmos.h:392:38: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define NDMOS_API_BCOPY(S,D,N) (void)bcopy((void*)(S),(void*)(D),(N))
data/bareos-17.2.7/src/ndmp/ndmos_common.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char osbuf[150];
data/bareos-17.2.7/src/ndmp/ndmos_common.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char idbuf[30];
data/bareos-17.2.7/src/ndmp/ndmos_common.c:68:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char revbuf[100];
data/bareos-17.2.7/src/ndmp/ndmos_common.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[5];
data/bareos-17.2.7/src/ndmp/ndmos_common.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sess->nac, callbacks, sizeof(struct ndm_auth_callbacks));
data/bareos-17.2.7/src/ndmp/ndmos_common.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, char digest[16])
data/bareos-17.2.7/src/ndmp/ndmos_common.c:189:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, char digest[16])
data/bareos-17.2.7/src/ndmp/ndmos_freebsd.c:240:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(request->cdb.cdb_val, &ccb->csio.cdb_io.cdb_bytes,
data/bareos-17.2.7/src/ndmp/ndmos_freebsd.c:277:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (&ccb->csio.sense_data,
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:64:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "??? INVALID MESSAGE TYPE");
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:75:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:80:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "version=%d", p->protocol_version);
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:105:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp0_pp.c:115:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<ILLEGAL REPLY>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:65:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "??? INVALID MESSAGE TYPE");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), "(%lx,%d)",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:92:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:97:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "version=%d", p->protocol_version);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:120:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " ????");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:148:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:181:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 0: sprintf (buf, "flags=0x%lx timeout=%ld datain_len=%ld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:184:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "cmd[%d]={", p->cdb.cdb_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:186:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:189:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:214:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "data_out_len=%d", p->data_out.data_out_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:220:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "count=%ld", p->count);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:237:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:268:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:311:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:340:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_paths=%d", p->paths.paths_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:353:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:363:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_dirs=%d", p->dirs.dirs_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:373:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:383:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_nodes=%d", p->nodes.nodes_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:396:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:413:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:419:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:425:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "len=%lu", p->len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:442:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:476:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:489:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 2: sprintf (buf, "auth_type[%d]={", p->auth_type.auth_type_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:495:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:498:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:522:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:527:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:548:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "sense[%d]={", p->ext_sense.ext_sense_len);
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:550:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:553:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:567:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "soft_errors=%lu block_size=%lu blockno=%lu",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:570:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 2: sprintf (buf, "total_space=%lld space_remain=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:574:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:615:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf, "bytes_processed=%lld est_bytes_remain=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:618:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "est_time_remain=%ld mover=",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:622:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf (buf, "read_offset=%lld read_length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:626:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:646:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:664:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<ILLEGAL REPLY>>");
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:680:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf,"record_size=%lu record_num=%lu data_written=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:683:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "seek=%lld to_read=%lld win_off=%lld win_len=%lld",
data/bareos-17.2.7/src/ndmp/ndmp2_pp.c:688:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:65:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "??? INVALID MESSAGE TYPE");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), "(%lx,%d)",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:92:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:97:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "version=%d", p->protocol_version);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:122:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " ????");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:155:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:182:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 0: sprintf (buf, "flags=0x%lx timeout=%ld datain_len=%ld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:185:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "cmd[%d]={", p->cdb.cdb_len);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:187:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:190:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:215:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "data_out_len=%d", p->data_out.data_out_len);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:221:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "count=%ld", p->count);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:237:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:276:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "..... node=%lld fh_info=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:281:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:297:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "addr=");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:337:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:381:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_files=%d total n_names=%d n_stats=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:391:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%d] n_names=%d n_stats=%d node=%lld fhinfo=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:450:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_dirs=%d total n_names=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:487:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%ud] n_names=%d node=%lld parent=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:528:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:555:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_nodes=%d total n_stats=%d",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:565:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%ud] n_stats=%d node=%lld fhinfo=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:592:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:607:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:613:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:619:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "len=%lu", p->len);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:644:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:684:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:693:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:701:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:715:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:723:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:744:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "sense[%d]={", p->ext_sense.ext_sense_len);
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:746:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:749:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:764:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "soft_errors=%lu block_size=%lu blockno=%lu",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:767:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 2: sprintf (buf, "total_space=%lld space_remain=%lld partition=%lu",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:771:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:813:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf, "bytes_processed=%lld est_bytes_remain=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:816:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "est_time_remain=%ld data_conn_addr=",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:821:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf (buf, "read_offset=%lld read_length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:825:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:845:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:862:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<ILLEGAL REPLY>>");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:878:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf,"record_size=%lu record_num=%lu data_written=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:881:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "seek=%lld to_read=%lld win_off=%lld win_len=%lld",
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:885:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf (buf, "data_conn_addr=");
data/bareos-17.2.7/src/ndmp/ndmp3_pp.c:890:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:65:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "??? INVALID MESSAGE TYPE");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:84:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " #%d(%lx,%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:87:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[100];
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:114:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:119:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "version=%d", p->protocol_version);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:144:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " ????");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:175:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:204:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 0: sprintf (buf, "flags=0x%lx timeout=%ld datain_len=%ld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:207:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "cmd[%d]={", p->cdb.cdb_len);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:212:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:237:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "data_out_len=%d", p->data_out.data_out_len);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:243:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "count=%ld", p->count);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:259:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:298:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "..... node=%lld fh_info=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:303:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:319:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "addr=");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:355:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:399:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_files=%d total n_names=%d n_stats=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:409:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%ud] n_names=%d n_stats=%d node=%lld fhinfo=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:468:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:495:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_dirs=%d total n_names=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:505:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%ud] n_names=%d node=%lld parent=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:546:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:573:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "n_nodes=%d total n_stats=%d",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:583:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[%ud] n_stats=%d node=%lld fhinfo=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:610:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, " YIKES n_line=%d lineno=%d", n_line, lineno);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:625:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:631:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "offset=%lld length=%lld", p->offset, p->length);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:637:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "len=%lu", p->len);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:662:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<INVALID MSG>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:698:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:712:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:728:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:736:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:740:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<unimplemented pp>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:761:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "sense[%d]={", p->ext_sense.ext_sense_len);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:763:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (NDMOS_API_STREND(buf), " %02x",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:766:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " }");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:781:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf (buf, "soft_errors=%lu block_size=%lu blockno=%lu",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:784:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 2: sprintf (buf, "total_space=%lld space_remain=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:788:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:830:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf, "bytes_processed=%lld est_bytes_remain=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:833:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "est_time_remain=%ld data_conn_addr=",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:838:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf (buf, "read_offset=%lld read_length=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:842:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:862:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:879:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "<<ILLEGAL REPLY>>");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:895:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf (buf,"record_size=%lu record_num=%lu bytes_moved=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:898:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf (buf, "seek=%lld to_read=%lld win_off=%lld win_len=%lld",
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:902:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf (buf, "data_conn_addr=");
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:907:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "--INVALID--");
data/bareos-17.2.7/src/ndmp/ndmp_msg_buf.h:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char _pad[2];
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:103:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vbuf[8][32];
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (vbp, "?0x%x?", val);
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char yikes_buf[40]; /* non-reentrant */
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (yikes_buf, "v%dmsg0x%04x", protocol_version, msg);
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:167:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char yikes_buf[40]; /* non-reentrant */
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:185:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (yikes_buf, "v%derr%d", protocol_version, err);
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:222:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "V%d? ", vers);
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "<<INVALID MSG VERS=%d>>", vers);
data/bareos-17.2.7/src/ndmp/ndmprotocol.c:278:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "<<INVALID MSG VERS=%d>>", vers);
data/bareos-17.2.7/src/ndmp/smc.h:50:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/bareos-17.2.7/src/ndmp/smc.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense_data[SMC_MAX_SENSE_DATA];
data/bareos-17.2.7/src/ndmp/smc.h:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char volume_id[32];
data/bareos-17.2.7/src/ndmp/smc.h:141:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ident[32];
data/bareos-17.2.7/src/ndmp/smc.h:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[64];
data/bareos-17.2.7/src/ndmp/smc_api.c:53:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "SCSI request failed");
data/bareos-17.2.7/src/ndmp/smc_api.c:67:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "SCSI unexpected status");
data/bareos-17.2.7/src/ndmp/smc_api.c:85:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (smc->errmsg,
data/bareos-17.2.7/src/ndmp/smc_api.c:92:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "SCSI check condition");
data/bareos-17.2.7/src/ndmp/smc_api.c:109:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[128];
data/bareos-17.2.7/src/ndmp/smc_api.c:128:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "Not a media changer");
data/bareos-17.2.7/src/ndmp/smc_api.c:170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[256];
data/bareos-17.2.7/src/ndmp/smc_api.c:194:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "short sense data");
data/bareos-17.2.7/src/ndmp/smc_api.c:202:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "elem_addr_assignment format error");
data/bareos-17.2.7/src/ndmp/smc_api.c:344:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[SMC_PAGE_LEN];
data/bareos-17.2.7/src/ndmp/smc_api.c:384:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (smc->errmsg, "elem_status format error");
data/bareos-17.2.7/src/ndmp/smc_pp.c:61:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "slots %d@%d drive %d@%d arm %d@%d i/e %d@%d",
data/bareos-17.2.7/src/ndmp/smc_pp.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/ndmp/smc_pp.c:85:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " Full ");
data/bareos-17.2.7/src/ndmp/smc_pp.c:87:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " Empty");
data/bareos-17.2.7/src/ndmp/smc_pp.c:93:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " ?access=granted?");
data/bareos-17.2.7/src/ndmp/smc_pp.c:98:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " ?access=denied?");
data/bareos-17.2.7/src/ndmp/smc_pp.c:109:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strend(buf), " Except(asc=%02x,ascq=%02x)",
data/bareos-17.2.7/src/ndmp/smc_pp.c:139:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strend(buf), "ID sid=%d", edp->scsi_sid);
data/bareos-17.2.7/src/ndmp/smc_pp.c:141:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "no-sid-data");
data/bareos-17.2.7/src/ndmp/smc_pp.c:144:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strend(buf), " lun=%d", edp->scsi_lun);
data/bareos-17.2.7/src/ndmp/smc_pp.c:146:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " no-lun-data");
data/bareos-17.2.7/src/ndmp/smc_pp.c:150:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " not-same-bus");
data/bareos-17.2.7/src/ndmp/smc_pp.c:161:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " can-import");
data/bareos-17.2.7/src/ndmp/smc_pp.c:163:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " can-not-import");
data/bareos-17.2.7/src/ndmp/smc_pp.c:166:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " can-export");
data/bareos-17.2.7/src/ndmp/smc_pp.c:168:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " can-not-export");
data/bareos-17.2.7/src/ndmp/smc_pp.c:171:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " by-oper");
data/bareos-17.2.7/src/ndmp/smc_pp.c:173:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " by-mte");
data/bareos-17.2.7/src/ndmp/smc_raw.h:292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char volume_id[32];
data/bareos-17.2.7/src/ndmp/smc_raw.h:293:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resv32[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:294:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char volume_seq[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:807:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char first_elem[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:808:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char n_elem[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:810:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte_count[3];
data/bareos-17.2.7/src/ndmp/smc_raw.h:818:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char elem_desc_len[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:820:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte_count[3];
data/bareos-17.2.7/src/ndmp/smc_raw.h:824:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char element_address[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:850:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char src_se_addr[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:858:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[SMC_VOL_TAG_LEN +
data/bareos-17.2.7/src/ndmp/smc_raw.h:974:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mte_addr[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:975:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mte_count[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:976:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char se_addr[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:977:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char se_count[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:978:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iee_addr[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:979:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iee_count[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:980:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dte_addr[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:981:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dte_count[2];
data/bareos-17.2.7/src/ndmp/smc_raw.h:982:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resv18[2];
data/bareos-17.2.7/src/ndmp/wraplib.c:74:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi (filename+1);
data/bareos-17.2.7/src/ndmp/wraplib.c:78:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "bad -I#N");
data/bareos-17.2.7/src/ndmp/wraplib.c:87:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (filename, "w");
data/bareos-17.2.7/src/ndmp/wraplib.c:130:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd = atoi (filename+1);
data/bareos-17.2.7/src/ndmp/wraplib.c:134:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "bad -f#N");
data/bareos-17.2.7/src/ndmp/wraplib.c:138:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (filename, o_mode, 0666);
data/bareos-17.2.7/src/ndmp/wraplib.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bareos-17.2.7/src/ndmp/wraplib.c:159:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%04d ", ++wccb->log_seq_num);
data/bareos-17.2.7/src/ndmp/wraplib.c:210:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "too few arguments");
data/bareos-17.2.7/src/ndmp/wraplib.c:230:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "only one of -c, -x, -t");
data/bareos-17.2.7/src/ndmp/wraplib.c:238:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "only one -B allowed");
data/bareos-17.2.7/src/ndmp/wraplib.c:245:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wccb->d_debug = atoi(optarg);
data/bareos-17.2.7/src/ndmp/wraplib.c:250:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "-E overflow");
data/bareos-17.2.7/src/ndmp/wraplib.c:266:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "only one -f allowed");
data/bareos-17.2.7/src/ndmp/wraplib.c:274:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "only one -I allowed");
data/bareos-17.2.7/src/ndmp/wraplib.c:282:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "-o overflow");
data/bareos-17.2.7/src/ndmp/wraplib.c:290:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "unknown option");
data/bareos-17.2.7/src/ndmp/wraplib.c:300:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "one of -c, -x, or -t required");
data/bareos-17.2.7/src/ndmp/wraplib.c:305:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "extra args not allowed for -c");
data/bareos-17.2.7/src/ndmp/wraplib.c:324:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "file table overflow");
data/bareos-17.2.7/src/ndmp/wraplib.c:346:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "superfluous args at end");
data/bareos-17.2.7/src/ndmp/wraplib.c:455:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wrap_pipe_fork_exec (char *cmd, int fdmap[3])
data/bareos-17.2.7/src/ndmp/wraplib.c:477:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open ("/dev/null", 2);
data/bareos-17.2.7/src/ndmp/wraplib.c:1295:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg, "EOF on data connection");
data/bareos-17.2.7/src/ndmp/wraplib.c:1298:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (wccb->errmsg, "errno %d on data connection",
data/bareos-17.2.7/src/ndmp/wraplib.c:1402:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (wccb->errmsg, "Can't fstat() data conn rc=%d",
data/bareos-17.2.7/src/ndmp/wraplib.c:1409:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (wccb->errmsg,
data/bareos-17.2.7/src/ndmp/wraplib.c:1416:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (wccb->errmsg, "Unsupported data_conn type %o",
data/bareos-17.2.7/src/ndmp/wraplib.h:92:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int wrap_pipe_fork_exec (char *cmd, int fdmap[3]);
data/bareos-17.2.7/src/ndmp/wraplib.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[WRAP_MAX_NAME];
data/bareos-17.2.7/src/ndmp/wraplib.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * o_option[WRAP_MAX_O_OPTION]; /* -o OPTION */
data/bareos-17.2.7/src/ndmp/wraplib.h:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[WRAP_MAX_PATH];
data/bareos-17.2.7/src/ndmp/wraplib.h:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[WRAP_MAX_PATH];
data/bareos-17.2.7/src/ndmp/wraplib.h:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[WRAP_MAX_NAME];
data/bareos-17.2.7/src/ndmp/wraplib.h:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[WRAP_MAX_NAME];
data/bareos-17.2.7/src/ndmp/wraplib.h:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[WRAP_MAX_PATH];
data/bareos-17.2.7/src/ndmp/wraplib.h:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[WRAP_MAX_PATH];
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:121:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[512];
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:553:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[10];
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /* Bareos internal flags */
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1570:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[3] = {
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1694:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap->content, serialized_acls.c_str(), content_length);
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1890:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->value, xattr_value.c_str(), xattr_value_length);
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[FOPTS_BYTES]; /* Bareos internal flags */
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1619:38: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p_ctx->file_list_handle = fopen(p_ctx->gf_file_list, "r")) == (FILE *)NULL) {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *xattr_acl_skiplist[3] = {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2228:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap->content, serialized_acls.c_str(), content_length);
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2425:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->value, xattr_value.c_str(), xattr_value_length);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:1666:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_ctx->object, buf, pSavePkt->object_len);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:1865:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io->buf, buf, io->status);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:2222:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap->content, buf, ap->content_length);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:2365:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->name, buf, xp->name_length);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:2380:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->value, buf, xp->value_length);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:3425:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char visual_bitmap[FO_MAX + 1];
data/bareos-17.2.7/src/plugins/filed/rados-fd.c:1188:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->value, xattr_value, xattr_value_length);
data/bareos-17.2.7/src/plugins/filed/test-deltaseq-fd.c:336:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(io->fname, "r+");
data/bareos-17.2.7/src/plugins/filed/test-deltaseq-fd.c:338:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(io->fname, "w"); /* file doesn't exist,create it */
data/bareos-17.2.7/src/plugins/filed/test-deltaseq-fd.c:348:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
self->fd = fopen(self->fname, "r");
data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[512];
data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c:278:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(q, "w")) != NULL) {
data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c:576:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(q, "w")) != NULL) {
data/bareos-17.2.7/src/plugins/stored/autoxflate-sd.c:744:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nrec->data, rec->data, OFFSET_FADDR_SIZE);
data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StoredVolEncrKey[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolEncrKey[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c:382:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WrappedVolEncrKey[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c:384:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WrappedVolEncrKey, VolEncrKey, MAX_NAME_LENGTH);
data/bareos-17.2.7/src/qt-tray-monitor/authenticate.cpp:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bashed_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/qt-tray-monitor/authenticate.cpp:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/qt-tray-monitor/authenticate.cpp:170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/qt-tray-monitor/tray-monitor.cpp:84:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/qt-tray-monitor/tray_conf.cpp:337:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, &res_all, resources[rindex].size);
data/bareos-17.2.7/src/stored/acquire.c:78:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/acquire.c:222:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/acquire.c:238:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_ONLY)) {
data/bareos-17.2.7/src/stored/acquire.c:492:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/bareos-17.2.7/src/stored/ansi_label.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80]; /* tape label */
data/bareos-17.2.7/src/stored/ansi_label.c:295:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ansi_volname[7]; /* 6 char + \0 */
data/bareos-17.2.7/src/stored/ansi_label.c:296:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80]; /* tape label */
data/bareos-17.2.7/src/stored/ansi_label.c:297:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[20]; /* ansi date buffer */
data/bareos-17.2.7/src/stored/append.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100];
data/bareos-17.2.7/src/stored/append.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec[50];
data/bareos-17.2.7/src/stored/askdir.c:346:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
data/bareos-17.2.7/src/stored/askdir.c:425:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/autochanger.c:758:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *p;
data/bareos-17.2.7/src/stored/autochanger.c:886:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/backends/chunked_device.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/backends/chunked_device.c:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/backends/chunked_device.c:202:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&handle->thread_id, &thread_id, sizeof(pthread_t));
data/bareos-17.2.7/src/stored/backends/chunked_device.c:219:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/backends/chunked_device.c:269:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(inflight_file.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0640);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:449:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/backends/chunked_device.c:815:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, m_current_chunk->buffer + wanted_offset, bytes_left);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:842:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)buffer + offset), m_current_chunk->buffer + wanted_offset, bytes_left);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:876:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)buffer + offset), m_current_chunk->buffer, bytes_left);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:942:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_current_chunk->buffer + wanted_offset, buffer, count);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:972:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_current_chunk->buffer + wanted_offset, ((char *)buffer + offset), bytes_left);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:999:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_current_chunk->buffer, ((char *)buffer + offset), bytes_left);
data/bareos-17.2.7/src/stored/backends/chunked_device.c:1243:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->buffer, src->buffer, src->wbuflen);
data/bareos-17.2.7/src/stored/backends/generic_tape_device.c:860:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/stored/backends/generic_tape_device.c:1159:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(dcr, oo_mode);
data/bareos-17.2.7/src/stored/backends/generic_tape_device.c:1454:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags, mode);
data/bareos-17.2.7/src/stored/backends/unix_fifo_device.c:305:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags, mode);
data/bareos-17.2.7/src/stored/backends/unix_file_device.c:192:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags, mode);
data/bareos-17.2.7/src/stored/backends/unix_file_device.c:284:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fd = ::open(archive_name.c_str(), oflags, st.st_mode)) < 0) {
data/bareos-17.2.7/src/stored/bcopy.c:121:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/bcopy.c:227:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out_dev->open(out_jcr->dcr, OPEN_READ_WRITE)) {
data/bareos-17.2.7/src/stored/bextract.c:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bareos-17.2.7/src/stored/bextract.c:135:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/bextract.c:143:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(optarg, "rb")) == NULL) {
data/bareos-17.2.7/src/stored/bextract.c:158:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(optarg, "rb")) == NULL) {
data/bareos-17.2.7/src/stored/bextract.c:275:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dds->content, content, content_length);
data/bareos-17.2.7/src/stored/bextract.c:593:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/stored/block.c:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[BLKHDR_ID_LENGTH+1];
data/bareos-17.2.7/src/stored/block.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/block.c:151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, eblock, sizeof(DEV_BLOCK));
data/bareos-17.2.7/src/stored/block.c:153:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->buf, eblock->buf, buf_len);
data/bareos-17.2.7/src/stored/block.c:240:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[BLKHDR_ID_LENGTH+1];
data/bareos-17.2.7/src/stored/block.c:528:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/block.c:1166:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/bls.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bareos-17.2.7/src/stored/bls.c:134:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/bls.c:142:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(optarg, "rb")) == NULL) {
data/bareos-17.2.7/src/stored/bls.c:157:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(optarg, "rb")) == NULL) {
data/bareos-17.2.7/src/stored/bls.c:292:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/bscan.c:189:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/bscan.c:201:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db_port = atoi(optarg);
data/bareos-17.2.7/src/stored/bscan.c:310:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/bscan.c:411:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/bscan.c:486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/stored/bscan.c:492:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bareos-17.2.7/src/stored/bscan.c:809:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30], ed3[30], ed4[30];
data/bareos-17.2.7/src/stored/bscan.c:1374:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char term_code[70];
data/bareos-17.2.7/src/stored/bscan.c:1375:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdt[50], edt[50];
data/bareos-17.2.7/src/stored/bscan.c:1376:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30];
data/bareos-17.2.7/src/stored/bscan.c:1394:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(term_code, _("Job Termination code: %d"), mjcr->JobStatus);
data/bareos-17.2.7/src/stored/btape.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/bareos-17.2.7/src/stored/btape.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/btape.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argk[MAX_CMD_ARGS];
data/bareos-17.2.7/src/stored/btape.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[MAX_CMD_ARGS];
data/bareos-17.2.7/src/stored/btape.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/stored/btape.c:221:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/btape.c:388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/btape.c:403:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/btape.c:434:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bareos-17.2.7/src/stored/btape.c:479:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_WRITE)) {
data/bareos-17.2.7/src/stored/btape.c:605:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bareos-17.2.7/src/stored/btape.c:657:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bareos-17.2.7/src/stored/btape.c:677:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bareos-17.2.7/src/stored/btape.c:907:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200];
data/bareos-17.2.7/src/stored/btape.c:952:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200];
data/bareos-17.2.7/src/stored/btape.c:1034:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_size = atoi(argv[i]);
data/bareos-17.2.7/src/stored/btape.c:1042:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_file = atoi(argv[i]);
data/bareos-17.2.7/src/stored/btape.c:1515:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loaded = atoi(results);
data/bareos-17.2.7/src/stored/btape.c:1848:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bareos-17.2.7/src/stored/btape.c:1870:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argk[1]);
data/bareos-17.2.7/src/stored/btape.c:1892:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev->open(dcr, OPEN_READ_ONLY);
data/bareos-17.2.7/src/stored/btape.c:1947:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(cmd);
data/bareos-17.2.7/src/stored/btape.c:1975:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/stored/btape.c:2059:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/stored/btape.c:2060:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/btape.c:2200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/btape.c:2201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/btape.c:2380:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/btape.c:2420:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_CREAT|O_TRUNC|O_WRONLY, 0640);
data/bareos-17.2.7/src/stored/btape.c:2482:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_RDONLY);
data/bareos-17.2.7/src/stored/btape.c:2749:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/btape.c:2820:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_block->buf, block->buf, this_block->buf_len);
data/bareos-17.2.7/src/stored/btape.c:2853:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(cmd);
data/bareos-17.2.7/src/stored/btape.c:3141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/butil.c:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/crc32.c:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5000];
data/bareos-17.2.7/src/stored/crc32.c:442:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[0], "rb");
data/bareos-17.2.7/src/stored/dev.c:126:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/bareos-17.2.7/src/stored/dev.c:537:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool DEVICE::open(DCR *dcr, int omode)
data/bareos-17.2.7/src/stored/dev.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preserve[ST_BYTES];
data/bareos-17.2.7/src/stored/dev.c:1110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/bareos-17.2.7/src/stored/dev.h:243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatStatus[20]; /**< Volume status */
data/bareos-17.2.7/src/stored/dev.h:244:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolCatName[MAX_NAME_LENGTH]; /**< Desired volume to mount */
data/bareos-17.2.7/src/stored/dev.h:245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolEncrKey[MAX_NAME_LENGTH]; /**< Encryption Key needed to read the media */
data/bareos-17.2.7/src/stored/dev.h:302:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char capabilities[CAP_BYTES]; /**< Capabilities mask */
data/bareos-17.2.7/src/stored/dev.h:303:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[ST_BYTES]; /**< State mask */
data/bareos-17.2.7/src/stored/dev.h:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH]; /**< Pool name */
data/bareos-17.2.7/src/stored/dev.h:345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH]; /**< Pool type */
data/bareos-17.2.7/src/stored/dev.h:347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char UnloadVolName[MAX_NAME_LENGTH]; /**< Last wrong Volume mounted */
data/bareos-17.2.7/src/stored/dev.h:471:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(DCR *dcr, int mode);
data/bareos-17.2.7/src/stored/dev.h:650:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /**< Volume name */
data/bareos-17.2.7/src/stored/dev.h:651:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH]; /**< Pool name */
data/bareos-17.2.7/src/stored/dev.h:652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH]; /**< Pool type */
data/bareos-17.2.7/src/stored/dev.h:653:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_type[MAX_NAME_LENGTH]; /**< Media type */
data/bareos-17.2.7/src/stored/dev.h:654:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAX_NAME_LENGTH]; /**< Dev name */
data/bareos-17.2.7/src/stored/device.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevVolName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/device.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[30], b2[30];
data/bareos-17.2.7/src/stored/device.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/stored/device.c:288:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/device.c:313:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/dir_cmd.c:387:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:563:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addresses[2048];
data/bareos-17.2.7/src/stored/dir_cmd.c:564:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[2048];
data/bareos-17.2.7/src/stored/dir_cmd.c:707:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/dir_cmd.c:737:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/dir_cmd.c:973:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_ONLY)) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1024:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_ONLY)) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:1175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volumename[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:1290:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs = fopen(fname, "a+b"); /* create file */
data/bareos-17.2.7/src/stored/dir_cmd.c:1576:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:1577:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stored_addr[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:1675:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filed_addr[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/dir_cmd.c:1746:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_options[2048];
data/bareos-17.2.7/src/stored/ebcdic.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char to_ascii_table[256] = {
data/bareos-17.2.7/src/stored/ebcdic.c:102:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char to_ebcdic_table[256] = {
data/bareos-17.2.7/src/stored/fd_cmds.c:174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/stored/job.c:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/job.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seed[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/job.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spool_size[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/job.c:252:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/job.c:253:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seed[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/job.c:337:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/stored/label.c:81:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_ONLY)) {
data/bareos-17.2.7/src/stored/label.c:372:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_WRITE)) {
data/bareos-17.2.7/src/stored/label.c:374:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dev->is_tape() || !dev->open(dcr, CREATE_READ_WRITE)) {
data/bareos-17.2.7/src/stored/label.c:490:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_WRITE)) {
data/bareos-17.2.7/src/stored/label.c:538:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, OPEN_READ_WRITE)) {
data/bareos-17.2.7/src/stored/label.c:634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/stored/label.c:797:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/label.c:866:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/label.c:969:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/bareos-17.2.7/src/stored/label.c:995:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Unknown %d"), dev->VolHdr.LabelType);
data/bareos-17.2.7/src/stored/label.c:1019:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bareos-17.2.7/src/stored/label.c:1041:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30], ec3[30], ec4[30], ec5[30], ec6[30], ec7[30];
data/bareos-17.2.7/src/stored/label.c:1087:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bareos-17.2.7/src/stored/label.c:1163:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[50];
data/bareos-17.2.7/src/stored/label.c:1174:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/stored/lock.c:395:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/stored/mac.c:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/mac.c:299:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/mac.c:496:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/stored/mount.c:244:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/mount.c:248:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while (!dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/mount.c:254:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dev->open(dcr, mode)) {
data/bareos-17.2.7/src/stored/mount.c:467:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saveVolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/mount.c:705:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50], ed2[50];
data/bareos-17.2.7/src/stored/ndmp_tape.c:265:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" int bndmp_auth_md5(struct ndm_session *sess, char *name, char digest[16])
data/bareos-17.2.7/src/stored/ndmp_tape.c:265:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" int bndmp_auth_md5(struct ndm_session *sess, char *name, char digest[16])
data/bareos-17.2.7/src/stored/ndmp_tape.c:447:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, rctx->rec->data, rctx->rec->data_len);
data/bareos-17.2.7/src/stored/ndmp_tape.c:1051:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec[50];
data/bareos-17.2.7/src/stored/ndmp_tape.c:1288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bareos-17.2.7/src/stored/ndmp_tape.c:1315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allbuf[256 * 10];
data/bareos-17.2.7/src/stored/ndmp_tape.c:1334:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curbuf[256];
data/bareos-17.2.7/src/stored/read.c:120:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50], ec2[50];
data/bareos-17.2.7/src/stored/read_record.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/bareos-17.2.7/src/stored/read_record.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/bareos-17.2.7/src/stored/record.c:45:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", fi);
data/bareos-17.2.7/src/stored/record.c:69:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("unknown: %d"), fi);
data/bareos-17.2.7/src/stored/record.c:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[BASE64_SIZE(CRYPTO_DIGEST_MAX_SIZE)];
data/bareos-17.2.7/src/stored/record.c:211:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bareos-17.2.7/src/stored/record.c:283:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", -stream);
data/bareos-17.2.7/src/stored/record.c:350:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", stream);
data/bareos-17.2.7/src/stored/record.c:417:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[100];
data/bareos-17.2.7/src/stored/record.c:444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stream_buf[100];
data/bareos-17.2.7/src/stored/record.c:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stream[128];
data/bareos-17.2.7/src/stored/record.c:458:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char findex[128];
data/bareos-17.2.7/src/stored/record.c:535:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(DEV_RECORD));
data/bareos-17.2.7/src/stored/record.c:604:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->bufp,
data/bareos-17.2.7/src/stored/record.c:643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/record.c:715:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/record.c:886:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100];
data/bareos-17.2.7/src/stored/record.c:1020:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->data+rec->data_len, dcr->block->bufp, data_bytes);
data/bareos-17.2.7/src/stored/record.c:1028:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->data+rec->data_len, dcr->block->bufp, remlen);
data/bareos-17.2.7/src/stored/record.h:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_bits[REC_STATE_BYTES]; /**< State bits */
data/bareos-17.2.7/src/stored/record.h:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[32]; /**< Bareos Immortal ... */
data/bareos-17.2.7/src/stored/record.h:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /**< Volume name */
data/bareos-17.2.7/src/stored/record.h:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PrevVolumeName[MAX_NAME_LENGTH]; /**< Previous Volume Name */
data/bareos-17.2.7/src/stored/record.h:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolName[MAX_NAME_LENGTH]; /**< Pool name */
data/bareos-17.2.7/src/stored/record.h:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH]; /**< Pool type */
data/bareos-17.2.7/src/stored/record.h:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MediaType[MAX_NAME_LENGTH]; /**< Type of this media */
data/bareos-17.2.7/src/stored/record.h:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HostName[MAX_NAME_LENGTH]; /**< Host name of writing computer */
data/bareos-17.2.7/src/stored/record.h:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LabelProg[50]; /**< Label program name */
data/bareos-17.2.7/src/stored/record.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgVersion[50]; /**< Program version */
data/bareos-17.2.7/src/stored/record.h:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgDate[50]; /**< Program build date/time */
data/bareos-17.2.7/src/stored/record.h:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Id[32]; /**< Bareos Immortal ... */
data/bareos-17.2.7/src/stored/record.h:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolName[MAX_NAME_LENGTH]; /**< Pool name */
data/bareos-17.2.7/src/stored/record.h:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PoolType[MAX_NAME_LENGTH]; /**< Pool type */
data/bareos-17.2.7/src/stored/record.h:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH]; /**< base Job name */
data/bareos-17.2.7/src/stored/record.h:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ClientName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/record.h:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Job[MAX_NAME_LENGTH]; /**< Unique name of this Job */
data/bareos-17.2.7/src/stored/record.h:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSetName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/record.h:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileSetMD5[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/reserve.h:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/reserve.h:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_type[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/reserve.h:45:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/reserve.h:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pool_type[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/reserve.h:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH]; /**< Vol name suggested by DIR */
data/bareos-17.2.7/src/stored/scan.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VolumeName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/sd_cmds.c:222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/stored/sd_plugins.c:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char events[nbytes_for_bits(SD_NR_EVENTS + 1)]; /* enabled events bitmask */
data/bareos-17.2.7/src/stored/sd_plugins.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/stored/sd_plugins.c:994:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin_dir[1000];
data/bareos-17.2.7/src/stored/sd_stats.c:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DevName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/socket_server.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/socket_server.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/stored/spool.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[30], ed2[30];
data/bareos-17.2.7/src/stored/spool.c:166:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((spool_fd = open(name, O_CREAT | O_TRUNC | O_RDWR | O_BINARY, 0640)) >= 0) {
data/bareos-17.2.7/src/stored/spool.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[50];
data/bareos-17.2.7/src/stored/spool.c:502:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30], ec2[30];
data/bareos-17.2.7/src/stored/spool.c:729:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/stored/spool.c:730:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/stored/spool.c:803:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs->m_spool_fd = open(name, O_CREAT | O_TRUNC | O_RDWR | O_BINARY, 0640);
data/bareos-17.2.7/src/stored/spool.c:825:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/stored/status.c:272:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35];
data/bareos-17.2.7/src/stored/status.c:472:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/stored/status.c:473:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[35], b2[35], b3[35], b4[35], b5[35];
data/bareos-17.2.7/src/stored/status.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/bareos-17.2.7/src/stored/status.c:728:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/status.c:729:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[50], b2[50], b3[50], b4[50];
data/bareos-17.2.7/src/stored/status.c:889:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[10];
data/bareos-17.2.7/src/stored/status.c:892:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH], b1[30], b2[30];
data/bareos-17.2.7/src/stored/status.c:917:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JobName[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/stored/status.c:1049:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bs->msg, msg, len+1);
data/bareos-17.2.7/src/stored/status.c:1067:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bs->msg, msg.c_str(), len+1);
data/bareos-17.2.7/src/stored/stored.c:147:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/stored/stored.c:551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/stored/stored_conf.c:759:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, &res_all, resources[rindex].size);
data/bareos-17.2.7/src/stored/stored_conf.h:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cap_bits[CAP_BYTES]; /**< Capabilities of this device */
data/bareos-17.2.7/src/stored/wait.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[50];
data/bareos-17.2.7/src/tests/bbatch.c:142:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tests/bbatch.c:339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/bareos-17.2.7/src/tests/bbatch.c:346:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(datafile, "r");
data/bareos-17.2.7/src/tests/bbatch.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ed1[200], ed2[200];
data/bareos-17.2.7/src/tests/bregtest.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bareos-17.2.7/src/tests/bregtest.c:76:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tests/bregtest.c:126:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bareos-17.2.7/src/tests/cats_test.c:224:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/bareos-17.2.7/src/tests/cats_test.c:252:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tests/cats_test.c:478:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "This string should be 'escaped'");
data/bareos-17.2.7/src/tests/cats_test.c:514:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(jr2.Job, "test");
data/bareos-17.2.7/src/tests/cats_test.c:582:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cr.Uname, "NewUname");
data/bareos-17.2.7/src/tests/cats_test.c:618:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr.PoolType, "Backup");
data/bareos-17.2.7/src/tests/cats_test.c:644:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr2.PoolType, "Restore");
data/bareos-17.2.7/src/tests/cats_test.c:645:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pr2.LabelFormat, "VolFormat");
data/bareos-17.2.7/src/tests/gigaslam.c:42:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("gigaslam.gif", "w");
data/bareos-17.2.7/src/tests/grow.c:46:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r+");
data/bareos-17.2.7/src/tests/ing_test.c:113:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tests/ing_test.c:204:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *stmt1[8] = {
data/bareos-17.2.7/src/tests/ing_test.c:237:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *stmt2[8] = {
data/bareos-17.2.7/src/tests/ing_test.c:269:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *stmt[11] = {
data/bareos-17.2.7/src/tests/testls.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1000];
data/bareos-17.2.7/src/tests/testls.c:99:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tests/testls.c:145:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(inc, "rb");
data/bareos-17.2.7/src/tests/testls.c:158:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(exc, "rb");
data/bareos-17.2.7/src/tests/testls.c:240:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/bareos-17.2.7/src/tests/testls.c:241:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec1[30];
data/bareos-17.2.7/src/tests/testls.c:250:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " %2d ", (uint32_t)statp->st_nlink);
data/bareos-17.2.7/src/tests/testls.c:252:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%-4d %-4d", (int)statp->st_uid, (int)statp->st_gid);
data/bareos-17.2.7/src/tests/testls.c:254:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%10.10s ", edit_uint64(statp->st_size, ec1));
data/bareos-17.2.7/src/tests/testls.c:257:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%4x ", (int)statp->st_rdev);
data/bareos-17.2.7/src/tests/testls.c:259:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " ");
data/bareos-17.2.7/src/tools/bpluginfo.c:243:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->bapiversion = atoi(optarg);
data/bareos-17.2.7/src/tools/bregex.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prbuf[500];
data/bareos-17.2.7/src/tools/bregex.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bareos-17.2.7/src/tools/bregex.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[500];
data/bareos-17.2.7/src/tools/bregex.c:96:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tools/bregex.c:146:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bareos-17.2.7/src/tools/bscrypto.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keydata[64];
data/bareos-17.2.7/src/tools/bscrypto.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrapdata[64];
data/bareos-17.2.7/src/tools/bscrypto.c:100:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tools/bscrypto.c:230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_cache_entry[256];
data/bareos-17.2.7/src/tools/bscrypto.c:304:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kfd = open(wrap_keyfile, O_RDONLY);
data/bareos-17.2.7/src/tools/bscrypto.c:362:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kfd = open(keyfile, O_WRONLY | O_CREAT, 0644);
data/bareos-17.2.7/src/tools/bscrypto.c:406:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kfd = open(keyfile, O_RDONLY);
data/bareos-17.2.7/src/tools/bscrypto.c:528:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kfd = open(keyfile, O_RDONLY);
data/bareos-17.2.7/src/tools/bsmtp.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char my_hostname[MAXSTRING];
data/bareos-17.2.7/src/tools/bsmtp.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/tools/bsmtp.c:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzbuf[MAXSTRING];
data/bareos-17.2.7/src/tools/bsmtp.c:257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/tools/bsmtp.c:271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mail_port[10];
data/bareos-17.2.7/src/tools/bsmtp.c:318:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tools/bsmtp.c:335:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mailport = atoi(p);
data/bareos-17.2.7/src/tools/bsmtp.c:351:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxlines = (unsigned long) atol(optarg);
data/bareos-17.2.7/src/tools/bsmtp.c:523:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length);
data/bareos-17.2.7/src/tools/bwild.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1000];
data/bareos-17.2.7/src/tools/bwild.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[500];
data/bareos-17.2.7/src/tools/bwild.c:68:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/bareos-17.2.7/src/tools/bwild.c:115:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "r");
data/bareos-17.2.7/src/tools/drivetype.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[100];
data/bareos-17.2.7/src/tools/drivetype.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/bareos-17.2.7/src/tools/fstype.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[1000];
data/bareos-17.2.7/src/tools/smtp-orig.c:148:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/bareos-17.2.7/src/tools/smtp-orig.c:188:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/bareos-17.2.7/src/tools/smtp-orig.c:189:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_name[BUFSIZ];
data/bareos-17.2.7/src/tools/smtp-orig.c:264:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &sin.sin_addr, hp->h_addr, hp->h_length);
data/bareos-17.2.7/src/win32/compat/compat.c:523:7: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(pwszBuf, L"\\\\?\\");
data/bareos-17.2.7/src/win32/compat/compat.c:550:7: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t szDrive[3];
data/bareos-17.2.7/src/win32/compat/compat.c:906:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/bareos-17.2.7/src/win32/compat/compat.c:2789:7: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wszBuf[1024];
data/bareos-17.2.7/src/win32/compat/compat.c:2790:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuf[1024];
data/bareos-17.2.7/src/win32/compat/compat.c:3020:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_VERSION_LONG[64];
data/bareos-17.2.7/src/win32/compat/compat.c:3021:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_VERSION[32];
data/bareos-17.2.7/src/win32/compat/compat.c:3022:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WIN_RAWVERSION[32];
data/bareos-17.2.7/src/win32/compat/compat.c:3240:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pExeStart, dwBasePathLength);
data/bareos-17.2.7/src/win32/compat/compat.c:3255:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pAltPathname, dwAltNameLength);
data/bareos-17.2.7/src/win32/compat/compat.c:3273:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPathname, pAltPathname, dwAltNameLength);
data/bareos-17.2.7/src/win32/compat/compat.c:3286:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pexe, pAltPathname, dwAltNameLength + 1);
data/bareos-17.2.7/src/win32/compat/compat.c:3296:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pexe, pPathname, dwPathnameLength + 1);
data/bareos-17.2.7/src/win32/compat/compat.c:3808:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strings[2];
data/bareos-17.2.7/src/win32/compat/glob.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + strlen( pattern )];
data/bareos-17.2.7/src/win32/compat/glob.c:758:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirbuf[1 + strlen( pattern )];
data/bareos-17.2.7/src/win32/compat/glob.c:874:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchpath[2 + dirlen + matchlen];
data/bareos-17.2.7/src/win32/compat/glob.c:880:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( matchpath, *dirp, dirlen );
data/bareos-17.2.7/src/win32/compat/glob.c:886:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( matchpath + prefix, entry->d_name, matchlen + 1 );
data/bareos-17.2.7/src/win32/compat/include/compat.h:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[256];
data/bareos-17.2.7/src/win32/compat/include/compat.h:250:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/bareos-17.2.7/src/win32/compat/include/sys/mtio.h:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[10];
data/bareos-17.2.7/src/win32/compat/print.c:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[20];
data/bareos-17.2.7/src/win32/compat/print.c:563:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[20];
data/bareos-17.2.7/src/win32/compat/print.c:564:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[20];
data/bareos-17.2.7/src/win32/filed/vss_generic.c:245:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, len * sizeof(wchar_t));
data/bareos-17.2.7/src/win32/filed/vss_generic.c:269:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeRootPath[MAX_PATH];
data/bareos-17.2.7/src/win32/filed/vss_generic.c:270:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeName[MAX_PATH];
data/bareos-17.2.7/src/win32/filed/vss_generic.c:271:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t volumeUniqueName[MAX_PATH];
data/bareos-17.2.7/src/win32/filed/vss_generic.c:641:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t szDrive[3];
data/bareos-17.2.7/src/win32/filed/vss_generic.c:1122:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1000];
data/bareos-17.2.7/src/win32/findlib/win32.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[4], dt[16];
data/bareos-17.2.7/src/win32/findlib/win32.c:220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[16];
data/bareos-17.2.7/src/win32/findlib/win32.c:265:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drives[MAX_NAME_LENGTH];
data/bareos-17.2.7/src/win32/findlib/win32.c:585:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbData, save_data->data, save_data->data_len);
data/bareos-17.2.7/src/win32/findlib/win32.c:748:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save_data->data, data, length);
data/bareos-17.2.7/src/win32/generic/main.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char win_os[300];
data/bareos-17.2.7/src/win32/generic/main.c:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *command_args[MAX_COMMAND_ARGS] = { (char *)LC_APP_NAME, NULL };
data/bareos-17.2.7/src/win32/generic/main.c:367:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/bareos-17.2.7/src/win32/generic/main.c:671:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/bareos-17.2.7/src/win32/generic/service.c:255:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[maxlen];
data/bareos-17.2.7/src/win32/generic/service.c:256:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svcmd[maxlen];
data/bareos-17.2.7/src/win32/generic/service.c:547:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[500];
data/bareos-17.2.7/src/win32/generic/service.c:549:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strings[3];
data/bareos-17.2.7/src/win32/include/vss.h:105:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t m_wszUniqueVolumeName[26][MAX_PATH];
data/bareos-17.2.7/src/win32/include/vss.h:106:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t m_szShadowCopyName[26][MAX_PATH];
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:473:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[MAX_TIME_LENGTH];
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1485:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdsname[VDS_NAME_LENGTH + 1];
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1531:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p_ctx->RestoreFD = open(io->fname, io->flags, io->mode);
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1622:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->buffer, io->buf, io->count);
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1636:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io->buf, cmd->buffer, cmd->size);
data/bareos-17.2.7/src/win32/stored/backends/win32_fifo_device.c:312:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags, mode);
data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c:198:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(pathname, flags, mode);
data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c:275:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fd = ::open(archive_name.c_str(), oflags, st.st_mode)) < 0) {
data/bareos-17.2.7/src/win32/stored/backends/win32_tape_device.c:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDeviceName[256] = "\\\\.\\";
data/bareos-17.2.7/platforms/freebsd/tapetest.c:336:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read(fd, buf, len);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:355:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(rfd, dev->buf, dev->buf_len);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:396:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = read(dev->fd, buf, sizeof(buf))) < 0) {
data/bareos-17.2.7/platforms/freebsd/tapetest.c:448:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(rfd, dev->buf, dev->buf_len);
data/bareos-17.2.7/platforms/freebsd/tapetest.c:479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd + strlen(cmd) - 1;
data/bareos-17.2.7/platforms/freebsd/tapetest.c:590:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(stdin)) != EOF) {
data/bareos-17.2.7/src/cats/bvfs.c:157:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnl = strlen(path);
data/bareos-17.2.7/src/cats/bvfs.c:484:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path) - 1;
data/bareos-17.2.7/src/cats/bvfs.c:531:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path) - 1;
data/bareos-17.2.7/src/cats/bvfs.c:575:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->escape_string(jcr, path_esc, (char *)path, strlen(path));
data/bareos-17.2.7/src/cats/bvfs.c:601:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->escape_string(jcr, fname_esc, (char *)fname, strlen(fname));
data/bareos-17.2.7/src/cats/bvfs.c:602:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->escape_string(jcr, client_esc, (char *)client, strlen(client));
data/bareos-17.2.7/src/cats/bvfs.c:845:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp.check_size((strlen(tmp2.c_str())+1) * 2);
data/bareos-17.2.7/src/cats/bvfs.c:858:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(tmp.c_str());
data/bareos-17.2.7/src/cats/bvfs.h:79:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t len = strlen(p);
data/bareos-17.2.7/src/cats/cats.c:228:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_to_bin(dest, expected_len + 1, from, strlen(from));
data/bareos-17.2.7/src/cats/cats_backends.c:72:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(backend_interface_mapping->interface_name))) {
data/bareos-17.2.7/src/cats/dbi.c:261:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(working_directory) + 5;
data/bareos-17.2.7/src/cats/dbi.c:264:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_db_dir, "/");
data/bareos-17.2.7/src/cats/dbi.c:265:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(m_db_name) + 5;
data/bareos-17.2.7/src/cats/dbi.c:827:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field_length = strlen(buf);
data/bareos-17.2.7/src/cats/dbi.c:1494:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(db_driver) < 5 || db_driver[3] != ':' || !bstrncasecmp(db_driver, "dbi", 3)) {
data/bareos-17.2.7/src/cats/ingres.c:546:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (bp != NULL && strlen(bp) > 0) {
data/bareos-17.2.7/src/cats/myingres.c:681:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dbname == NULL || strlen(dbname) == 0) {
data/bareos-17.2.7/src/cats/sql_create.c:75:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(jcr->comment); /* TODO: use jr instead of jcr to get comment */
data/bareos-17.2.7/src/cats/sql_create.c:79:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_ujobname, jr->Job, strlen(jr->Job));
data/bareos-17.2.7/src/cats/sql_create.c:80:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_jobname, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_create.c:176:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_poolname, pr->Name, strlen(pr->Name));
data/bareos-17.2.7/src/cats/sql_create.c:177:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_lf, pr->LabelFormat, strlen(pr->LabelFormat));
data/bareos-17.2.7/src/cats/sql_create.c:244:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, dr->Name, strlen(dr->Name));
data/bareos-17.2.7/src/cats/sql_create.c:314:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, sr->Name, strlen(sr->Name));
data/bareos-17.2.7/src/cats/sql_create.c:382:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
data/bareos-17.2.7/src/cats/sql_create.c:434:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_medianame, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_create.c:435:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_mtype, mr->MediaType, strlen(mr->MediaType));
data/bareos-17.2.7/src/cats/sql_create.c:436:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bareos-17.2.7/src/cats/sql_create.c:532:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_clientname, cr->Name, strlen(cr->Name));
data/bareos-17.2.7/src/cats/sql_create.c:533:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
data/bareos-17.2.7/src/cats/sql_create.c:693:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bareos-17.2.7/src/cats/sql_create.c:728:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_fs, fsr->FileSet, strlen(fsr->FileSet));
data/bareos-17.2.7/src/cats/sql_create.c:729:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_md5, fsr->MD5, strlen(fsr->MD5));
data/bareos-17.2.7/src/cats/sql_create.c:773:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fsr->FileSetText);
data/bareos-17.2.7/src/cats/sql_create.c:1180:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnl = strlen(ro->object_name);
data/bareos-17.2.7/src/cats/sql_create.c:1186:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plug_name_len = strlen(ro->plugin_name);
data/bareos-17.2.7/src/cats/sql_create.c:1270:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_name = check_pool_memory_size(esc_name, strlen(filesystem) * 2 + 1);
data/bareos-17.2.7/src/cats/sql_create.c:1271:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_name, filesystem, strlen(filesystem));
data/bareos-17.2.7/src/cats/sql_create.c:1321:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_envname, name, strlen(name));
data/bareos-17.2.7/src/cats/sql_create.c:1322:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_envvalue, value, strlen(value));
data/bareos-17.2.7/src/cats/sql_delete.c:61:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, pr->Name, strlen(pr->Name));
data/bareos-17.2.7/src/cats/sql_find.c:66:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_jobname, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_find.c:160:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_jobname, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_find.c:207:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_jobname, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_find.c:254:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_jobname, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_find.c:266:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MIN(strlen(Name), sizeof(esc_jobname)));
data/bareos-17.2.7/src/cats/sql_find.c:355:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_type, mr->MediaType, strlen(mr->MediaType));
data/bareos-17.2.7/src/cats/sql_find.c:356:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bareos-17.2.7/src/cats/sql_get.c:229:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnl = strlen(path);
data/bareos-17.2.7/src/cats/sql_get.c:247:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, jr->Job, strlen(jr->Job));
data/bareos-17.2.7/src/cats/sql_get.c:617:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
data/bareos-17.2.7/src/cats/sql_get.c:703:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, sdbr->Name, strlen(sdbr->Name));
data/bareos-17.2.7/src/cats/sql_get.c:754:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, cdbr->Name, strlen(cdbr->Name));
data/bareos-17.2.7/src/cats/sql_get.c:805:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bareos-17.2.7/src/cats/sql_get.c:870:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, fsr->FileSet, strlen(fsr->FileSet));
data/bareos-17.2.7/src/cats/sql_get.c:928:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
data/bareos-17.2.7/src/cats/sql_get.c:949:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolStatus, strlen(mr->VolStatus));
data/bareos-17.2.7/src/cats/sql_get.c:954:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (volumes.strlen() > 0) {
data/bareos-17.2.7/src/cats/sql_get.c:960:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_get.c:1084:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_get.c:1398:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_get.c:1608:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_name = check_pool_memory_size(esc_name, strlen(filesystem) * 2 + 1);
data/bareos-17.2.7/src/cats/sql_get.c:1609:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_name, filesystem, strlen(filesystem));
data/bareos-17.2.7/src/cats/sql_get.c:1762:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
data/bareos-17.2.7/src/cats/sql_get.c:1783:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolStatus, strlen(mr->VolStatus));
data/bareos-17.2.7/src/cats/sql_get.c:1788:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (volumes.strlen() > 0) {
data/bareos-17.2.7/src/cats/sql_get.c:1794:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_list.c:95:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
data/bareos-17.2.7/src/cats/sql_list.c:196:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mdbr->VolumeName, strlen(mdbr->VolumeName));
data/bareos-17.2.7/src/cats/sql_list.c:532:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_list.c:733:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, jr->Name, strlen(jr->Name));
data/bareos-17.2.7/src/cats/sql_list.c:739:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, jr->Job, strlen(jr->Job));
data/bareos-17.2.7/src/cats/sql_query.c:83:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm_memcpy(query, query_tmp, query_tmp.strlen()+1);
data/bareos-17.2.7/src/cats/sql_update.c:55:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(digest);
data/bareos-17.2.7/src/cats/sql_update.c:214:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_clientname, cr->Name, strlen(cr->Name));
data/bareos-17.2.7/src/cats/sql_update.c:215:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
data/bareos-17.2.7/src/cats/sql_update.c:243:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
data/bareos-17.2.7/src/cats/sql_update.c:258:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, pr->LabelFormat, strlen(pr->LabelFormat));
data/bareos-17.2.7/src/cats/sql_update.c:322:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_medianame, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_update.c:323:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
data/bareos-17.2.7/src/cats/sql_update.c:411:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_update.c:469:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc,mr->VolumeName,strlen(mr->VolumeName));
data/bareos-17.2.7/src/cats/sql_update.c:574:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_name = check_pool_memory_size(esc_name, strlen(filesystem) * 2 + 1);
data/bareos-17.2.7/src/cats/sql_update.c:575:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(jcr, esc_name, filesystem, strlen(filesystem));
data/bareos-17.2.7/src/cats/sqlite.c:174:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(working_directory) + strlen(m_db_name) + 5;
data/bareos-17.2.7/src/cats/sqlite.c:174:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(working_directory) + strlen(m_db_name) + 5;
data/bareos-17.2.7/src/cats/sqlite.c:177:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(db_path, "/");
data/bareos-17.2.7/src/console/conio.c:327:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, maxlen-1);
data/bareos-17.2.7/src/console/conio.c:415:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bareos-17.2.7/src/console/conio.c:817:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cl = strlen(str);
data/bareos-17.2.7/src/console/conio.c:1076:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(0, &c, 1) != 1) {
data/bareos-17.2.7/src/console/conio.c:1095:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_sendl(msg, strlen(msg)); /* faster than one char at time */
data/bareos-17.2.7/src/console/console.c:210:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd);
data/bareos-17.2.7/src/console/console.c:220:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UA_sock->msglen = strlen(UA_sock->msg);
data/bareos-17.2.7/src/console/console.c:262:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UA_sock->msglen = strlen(UA_sock->msg);
data/bareos-17.2.7/src/console/console.c:368:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bareos-17.2.7/src/console/console.c:375:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bareos-17.2.7/src/console/console.c:579:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bareos-17.2.7/src/console/console.c:597:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = (char *) actuallymalloc(strlen(name)+1);
data/bareos-17.2.7/src/console/console.c:849:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sock->msglen = strlen(sock->msg);
data/bareos-17.2.7/src/console/console.c:900:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sock->msglen = strlen(sock->msg);
data/bareos-17.2.7/src/dird/authenticate.c:245:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(ua->msg, "Hello %127s calling\n", name) != 1) {
data/bareos-17.2.7/src/dird/catreq.c:482:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname); /* length before attributes */
data/bareos-17.2.7/src/dird/catreq.c:486:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = attr + strlen(attr) + 1; /* point to link */
data/bareos-17.2.7/src/dird/catreq.c:487:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen(p) + 1; /* point to extended attributes */
data/bareos-17.2.7/src/dird/catreq.c:488:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen(p) + 1; /* point to delta sequence */
data/bareos-17.2.7/src/dird/catreq.c:564:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ro.plugin_name);
data/bareos-17.2.7/src/dird/catreq.c:566:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ro.object_name);
data/bareos-17.2.7/src/dird/catreq.c:622:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg3(400, "DigestLen=%d Digest=%s type=%d\n", strlen(digestbuf),
data/bareos-17.2.7/src/dird/catreq.c:711:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nbytes = read(spool_fd, (char *)&pktsiz, sizeof(int32_t))) == sizeof(int32_t)) {
data/bareos-17.2.7/src/dird/catreq.c:722:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = read(spool_fd, msg, msglen);
data/bareos-17.2.7/src/dird/dbcheck.c:324:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key_name) + 1;
data/bareos-17.2.7/src/dird/dbcheck.c:580:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db->escape_string(NULL, esc_name, name_list.name[i], strlen(name_list.name[i]));
data/bareos-17.2.7/src/dird/dbcheck.c:1014:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len=strlen(name); len > 0 && IsPathSeparator(name[len-1]); len--)
data/bareos-17.2.7/src/dird/dbcheck.c:1083:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len=strlen(name); len > 0 && name[len-1]==' '; len--) {
data/bareos-17.2.7/src/dird/dir_plugins.c:481:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(plugin_name);
data/bareos-17.2.7/src/dird/dird.c:40:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(dirent) (strlen((dirent)->d_name))
data/bareos-17.2.7/src/dird/dird.c:161:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(msg);
data/bareos-17.2.7/src/dird/dird.c:1307:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int my_name_len = strlen(my_name);
data/bareos-17.2.7/src/dird/dird.c:1308:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(me->working_directory);
data/bareos-17.2.7/src/dird/dird_conf.c:1042:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (configure_usage_string->strlen() == 0) {
data/bareos-17.2.7/src/dird/dird_conf.c:1381:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, runscript->command, strlen(runscript->command));
data/bareos-17.2.7/src/dird/dird_conf.c:2247:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, entry, strlen(entry));
data/bareos-17.2.7/src/dird/dird_conf.c:2262:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, entry, strlen(entry));
data/bareos-17.2.7/src/dird/dird_conf.c:2300:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, entry, strlen(entry));
data/bareos-17.2.7/src/dird/dird_conf.h:164:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read; /**< in read mode */
data/bareos-17.2.7/src/dird/expand.c:73:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(buf);
data/bareos-17.2.7/src/dird/expand.c:141:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(str);
data/bareos-17.2.7/src/dird/expand.c:239:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = Mmsg(buf, "%d", strlen(buf.c_str()));
data/bareos-17.2.7/src/dird/expand.c:246:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*val_len = strlen(buf.c_str());
data/bareos-17.2.7/src/dird/expand.c:349:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val); /* return length of string */
data/bareos-17.2.7/src/dird/expand.c:466:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_len = strlen(inp);
data/bareos-17.2.7/src/dird/expand.c:502:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_len = strlen(inp);
data/bareos-17.2.7/src/dird/fd_cmds.c:213:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/dird/fd_cmds.c:219:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!bstrncmp(fd->msg, OKjob, strlen(OKjob))) {
data/bareos-17.2.7/src/dird/fd_cmds.c:232:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncpy(cr.Uname, fd->msg+strlen(OKjob)+1, sizeof(cr.Uname));
data/bareos-17.2.7/src/dird/fd_cmds.c:573:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlen = strlen(buf);
data/bareos-17.2.7/src/dird/fd_cmds.c:599:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlen = strlen(buf);
data/bareos-17.2.7/src/dird/fd_cmds.c:1027:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(Digest.c_str());
data/bareos-17.2.7/src/dird/fd_cmds.c:1031:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(digest.c_str()), digest.c_str(), ar->DigestType);
data/bareos-17.2.7/src/dird/getmsg.c:208:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "%020s Job=%127s ", MsgType, Job) != 2) {
data/bareos-17.2.7/src/dird/getmsg.c:236:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "Jmsg Job=%127s type=%d level=%lld",
data/bareos-17.2.7/src/dird/getmsg.c:270:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "BlastAttr Job=%127s File=%255s",
data/bareos-17.2.7/src/dird/inc_conf.c:142:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncmp(k, fs_opt->option, strlen(fs_opt->option))) {
data/bareos-17.2.7/src/dird/inc_conf.c:149:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k += strlen(fs_opt->option) - 1;
data/bareos-17.2.7/src/dird/job.c:1474:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dt) + 5; /* dt + .%02d EOS */
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c:191:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ndmp_filesystem);
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c:369:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(restore_prefix) == 1 && *restore_prefix == '/') {
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_BAREOS.c:377:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(restore_prefix) == 1 && *restore_prefix == '/') {
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:148:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(restore_prefix) == 1 && *restore_prefix == '/') {
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:156:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(restore_prefix) == 1 && *restore_prefix == '/') {
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:225:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncmp(restore_pathname.c_str(), ndmp_filesystem, strlen(ndmp_filesystem))) {
data/bareos-17.2.7/src/dird/ndmp_dma_restore_NDMP_NATIVE.c:226:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ndmp_filesystem);
data/bareos-17.2.7/src/dird/ndmp_fhdb_common.c:59:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(raw_name) == 0) {
data/bareos-17.2.7/src/dird/ndmp_fhdb_common.c:68:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool filesystem_ends_with_slash = (nis->filesystem[strlen(nis->filesystem) - 1] == '/');
data/bareos-17.2.7/src/dird/ndmp_fhdb_common.c:70:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool raw_name_ends_with_slash = (raw_name[strlen(raw_name) - 1] == '/') ;
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:93:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(raw_name);
data/bareos-17.2.7/src/dird/ndmp_fhdb_lmdb.c:621:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( full_path.c_str()[strlen(full_path.c_str()) - 1] != '/' ) {
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:291:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->fname_len = strlen(fname);
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:453:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nt_node->fname_len = strlen(raw_name);
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:686:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_size = strlen(attribs.c_str()) + 1;
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:699:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(wanted_node->fname, "/");
data/bareos-17.2.7/src/dird/ndmp_fhdb_mem.c:729:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fhdb_root->fname_len = strlen(nis->filesystem);
data/bareos-17.2.7/src/dird/restore.c:268:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/dird/restore.c:283:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/dird/run_conf.c:465:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bareos-17.2.7/src/dird/run_conf.c:545:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bareos-17.2.7/src/dird/run_conf.c:545:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bareos-17.2.7/src/dird/run_conf.c:603:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bareos-17.2.7/src/dird/run_conf.c:603:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(lc->str) == 3 && strlen(p) == 3 &&
data/bareos-17.2.7/src/dird/sd_cmds.c:371:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(field2) > 0) {
data/bareos-17.2.7/src/dird/sd_cmds.c:382:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(field2) == 0) {
data/bareos-17.2.7/src/dird/ua_acl.c:39:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return acl_access_ok(acl, item, strlen(item), audit_event);
data/bareos-17.2.7/src/dird/ua_acl.c:129:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match_length = strlen(item);
data/bareos-17.2.7/src/dird/ua_acl.c:175:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match_length = strlen(item);
data/bareos-17.2.7/src/dird/ua_cmds.c:459:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->argk[0]);
data/bareos-17.2.7/src/dird/ua_cmds.c:519:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cmd && (strlen(cmd) > 0) && (cmd[0] == '.')) {
data/bareos-17.2.7/src/dird/ua_cmds.c:610:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->cmd) >= MAX_NAME_LENGTH-10) {
data/bareos-17.2.7/src/dird/ua_cmds.c:614:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->cmd) == 0) {
data/bareos-17.2.7/src/dird/ua_cmds.c:1931:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->db->escape_string(ua->jcr, esc, ua->argv[i], strlen(ua->argv[i]));
data/bareos-17.2.7/src/dird/ua_configure.c:72:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(content);
data/bareos-17.2.7/src/dird/ua_configure.c:173:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(resourcename.c_str()) <= 0) {
data/bareos-17.2.7/src/dird/ua_dotcmds.c:355:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (cur_id && strlen(cur_id)) {
data/bareos-17.2.7/src/dird/ua_dotcmds.c:700:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (cur_id && strlen(cur_id)) {
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1002:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->argv[0]) == 1) {
data/bareos-17.2.7/src/dird/ua_dotcmds.c:1134:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(ua->argv[pos]);
data/bareos-17.2.7/src/dird/ua_input.c:95:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ua->cmd[0] == 0 && bstrncmp(prompt, _("Enter slot"), strlen(_("Enter slot")))) {
data/bareos-17.2.7/src/dird/ua_input.c:157:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_input.c:248:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bareos-17.2.7/src/dird/ua_label.c:271:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ua->jcr->res.pool->cleaning_prefix));
data/bareos-17.2.7/src/dird/ua_label.c:275:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ua->jcr->res.pool->cleaning_prefix),
data/bareos-17.2.7/src/dird/ua_label.c:751:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bareos-17.2.7/src/dird/ua_output.c:277:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res_name);
data/bareos-17.2.7/src/dird/ua_output.c:294:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res_name);
data/bareos-17.2.7/src/dird/ua_output.c:503:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (query_range.strlen()) {
data/bareos-17.2.7/src/dird/ua_output.c:809:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(query_range.c_str()) == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1095:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_stat) == 1 && cur_stat[0] >= 'A' && cur_stat[0] <= 'z') {
data/bareos-17.2.7/src/dird/ua_output.c:1133:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (selection.strlen() == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1168:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cur_level))) {
data/bareos-17.2.7/src/dird/ua_output.c:1190:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (selection.strlen() == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1214:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (selection.strlen() == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1274:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncasecmp(ua->argv[pos], "ascending", strlen(ua->argv[pos]))) {
data/bareos-17.2.7/src/dird/ua_output.c:1276:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (bstrncasecmp(ua->argv[pos], "descending", strlen(ua->argv[pos]))) {
data/bareos-17.2.7/src/dird/ua_output.c:1538:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mlen = strlen(msg);
data/bareos-17.2.7/src/dird/ua_output.c:1591:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(row[tuple->u.acl_filter.column]) == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1604:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(row[tuple->u.res_filter.column]) == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1620:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(row[tuple->u.res_filter.column]) == 0) {
data/bareos-17.2.7/src/dird/ua_output.c:1771:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/bareos-17.2.7/src/dird/ua_prune.c:331:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(temp.c_str());
data/bareos-17.2.7/src/dird/ua_prune.c:466:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->db->escape_string(ua->jcr, ed2, client->name(), strlen(client->name()));
data/bareos-17.2.7/src/dird/ua_prune.c:473:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->db->escape_string(ua->jcr, ed2, pool->name(), strlen(pool->name()));
data/bareos-17.2.7/src/dird/ua_purge.c:783:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->db->escape_string(ua->jcr, esc, ua->argv[i], strlen(ua->argv[i]));
data/bareos-17.2.7/src/dird/ua_query.c:108:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/bareos-17.2.7/src/dird/ua_query.c:204:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_query.c:209:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_query = check_pool_memory_size(new_query, olen + strlen(p) + 10);
data/bareos-17.2.7/src/dird/ua_query.c:231:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_query = check_pool_memory_size(new_query, olen + strlen(q) + 10);
data/bareos-17.2.7/src/dird/ua_query.c:265:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_restore.c:678:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_restore.c:741:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_restore.c:764:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_restore.c:821:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_restore.c:827:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ua->cmd, "/");
data/bareos-17.2.7/src/dird/ua_run.c:455:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(ua->cmd);
data/bareos-17.2.7/src/dird/ua_run.c:475:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(bstrncasecmp(ua->cmd, "mod ", 4) && strlen(ua->cmd) > 6)) {
data/bareos-17.2.7/src/dird/ua_run.c:504:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncasecmp(ua->cmd, NT_("yes"), strlen(ua->cmd)) ||
data/bareos-17.2.7/src/dird/ua_run.c:505:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncasecmp(ua->cmd, _("yes"), strlen(ua->cmd))) {
data/bareos-17.2.7/src/dird/ua_run.c:552:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ua->cmd[0] != 0 && bstrncasecmp(ua->cmd, _("mod"), strlen(ua->cmd))) {
data/bareos-17.2.7/src/dird/ua_select.c:1689:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(buf, "JobId=%d Job=%127s", &njobs, JobName);
data/bareos-17.2.7/src/dird/ua_select.c:1732:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(search_argument);
data/bareos-17.2.7/src/dird/ua_select.c:1869:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->argv[i]) == 1 && ua->argv[i][0] >= 'A' && ua->argv[i][0] <= 'z') {
data/bareos-17.2.7/src/dird/ua_select.c:1896:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ua->argv[i]) == 1 && ua->argv[i][0] >= 'A' && ua->argv[i][0] <= 'z') {
data/bareos-17.2.7/src/dird/ua_status.c:423:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date_len = strlen(dt);
data/bareos-17.2.7/src/dird/ua_status.c:1317:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bareos-17.2.7/src/dird/ua_status.c:1344:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bareos-17.2.7/src/dird/ua_status.c:1746:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pr.Name, "?");
data/bareos-17.2.7/src/dird/ua_tree.c:158:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ua->argk[0]);
data/bareos-17.2.7/src/dird/ua_tree.c:448:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(arg);
data/bareos-17.2.7/src/dird/ua_tree.c:880:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/bareos-17.2.7/src/dird/verify.c:662:18: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((len = sscanf(fd->msg, "%ld %d %100s", &file_index, &stream,
data/bareos-17.2.7/src/dird/verify.c:850:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jcr->db->escape_string(jcr, buf.c_str(), Opts_Digest.c_str(), strlen(Opts_Digest.c_str()));
data/bareos-17.2.7/src/filed/accurate.c:379:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname_length = strlen(fname);
data/bareos-17.2.7/src/filed/accurate.c:381:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lstat_length = strlen(lstat);
data/bareos-17.2.7/src/filed/accurate.c:392:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chksum_length = strlen(chksum);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:186:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(fname) + 1;
data/bareos-17.2.7/src/filed/accurate_lmdb.c:269:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(fname) + 1;
data/bareos-17.2.7/src/filed/accurate_lmdb.c:287:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lstat_length = strlen(payload->lstat);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:324:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lstat_length = strlen(payload->lstat);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:325:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chksum_length = strlen(payload->chksum);
data/bareos-17.2.7/src/filed/accurate_lmdb.c:354:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(fname) + 1;
data/bareos-17.2.7/src/filed/authenticate.c:174:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/filed/authenticate.c:199:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/filed/backup.c:1526:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(500, "strcpy link_save=%d link=%d\n", strlen(ff_pkt->link_save),
data/bareos-17.2.7/src/filed/backup.c:1527:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ff_pkt->link));
data/bareos-17.2.7/src/filed/backup.c:1566:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(500, "strcpy link=%d link_save=%d\n", strlen(ff_pkt->link),
data/bareos-17.2.7/src/filed/backup.c:1567:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ff_pkt->link_save));
data/bareos-17.2.7/src/filed/backup.c:1610:32: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ff_pkt->object_len = (wcslen(metadata) + 1) * sizeof(wchar_t);
data/bareos-17.2.7/src/filed/dir_cmd.c:457:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jcr->client_name = get_memory(strlen(my_name) + 1);
data/bareos-17.2.7/src/filed/dir_cmd.c:500:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncmp(cmds[i].cmd, dir->msg, strlen(cmds[i].cmd))) {
data/bareos-17.2.7/src/filed/dir_cmd.c:838:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "cancel Job=%127s", Job) == 1) {
data/bareos-17.2.7/src/filed/dir_cmd.c:2069:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < (int)strlen(szWinDriveLetters); i++) {
data/bareos-17.2.7/src/filed/fd_plugins.c:503:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd);
data/bareos-17.2.7/src/filed/fileset.c:91:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0) {
data/bareos-17.2.7/src/filed/restore.c:568:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attr->attrEx), sd->msg);
data/bareos-17.2.7/src/filed/sd_cmds.c:51:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(sd->msg, "Hello Storage calling Start Job %127s", job_name) != 1) {
data/bareos-17.2.7/src/findlib/acl.c:337:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acl_data->u.build->content_length = strlen(acl_data->u.build->content) + 1;
data/bareos-17.2.7/src/findlib/acl.c:913:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ostype == ACL_TYPE_DEFAULT && strlen(content) == 0) {
data/bareos-17.2.7/src/findlib/attribs.c:412:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_mask = umask(0);
data/bareos-17.2.7/src/findlib/attribs.c:497:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_mask);
data/bareos-17.2.7/src/findlib/bfile.c:1215:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read(bfd->fid, buf, count);
data/bareos-17.2.7/src/findlib/find.c:131:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ff->VerifyOpts, "V");
data/bareos-17.2.7/src/findlib/find.h:39:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(dirent) (strlen((dirent)->d_name))
data/bareos-17.2.7/src/findlib/find_one.c:591:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bareos-17.2.7/src/findlib/hardlink.c:69:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname) + 1;
data/bareos-17.2.7/src/findlib/match.c:126:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bareos-17.2.7/src/findlib/match.c:381:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/bareos-17.2.7/src/findlib/match.c:438:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fname);
data/bareos-17.2.7/src/findlib/match.c:501:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file);
data/bareos-17.2.7/src/findlib/mkpath.c:82:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_list_add(jcr->path_list, strlen(path), path);
data/bareos-17.2.7/src/findlib/mkpath.c:145:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(0);
data/bareos-17.2.7/src/findlib/mkpath.c:146:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/bareos-17.2.7/src/findlib/mkpath.c:147:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(apath);
data/bareos-17.2.7/src/findlib/mkpath.c:274:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/bareos-17.2.7/src/findlib/shadowing.c:75:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(pattern1);
data/bareos-17.2.7/src/findlib/shadowing.c:76:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(pattern2);
data/bareos-17.2.7/src/findlib/shadowing.c:226:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str1->c_str()) < strlen(str2->c_str())) {
data/bareos-17.2.7/src/findlib/shadowing.c:226:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str1->c_str()) < strlen(str2->c_str())) {
data/bareos-17.2.7/src/findlib/shadowing.c:355:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str1->c_str()) < strlen(str2->c_str())) {
data/bareos-17.2.7/src/findlib/shadowing.c:355:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str1->c_str()) < strlen(str2->c_str())) {
data/bareos-17.2.7/src/findlib/xattr.c:458:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = strlen(bp);
data/bareos-17.2.7/src/findlib/xattr.c:807:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_xattr->name_length = strlen(xattr_naming_spaces[cnt].name) +
data/bareos-17.2.7/src/findlib/xattr.c:808:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attrlist_ent->a_name) + 1;
data/bareos-17.2.7/src/findlib/xattr.c:976:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmp_size = strlen(xattr_naming_spaces[cnt].name);
data/bareos-17.2.7/src/findlib/xattr.c:1269:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = strlen(bp);
data/bareos-17.2.7/src/findlib/xattr.c:1701:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_attrname, xattr_list + (index + 1), cnt);
data/bareos-17.2.7/src/findlib/xattr.c:1781:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_xattr->name_length = strlen(current_attrtuple);
data/bareos-17.2.7/src/findlib/xattr.c:2187:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_xattr->name_length = strlen(xattr_name);
data/bareos-17.2.7/src/findlib/xattr.c:3028:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cnt = read(attrfd, buffer, sizeof(buffer))) > 0) {
data/bareos-17.2.7/src/include/baconfig.h:587:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define bstrdup(str) strcpy((char *)b_malloc(__FILE__,__LINE__, strlen((str))+1), (str))
data/bareos-17.2.7/src/include/baconfig.h:589:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define bstrdup(str) strcpy((char *)bmalloc(strlen((str))+1),(str))
data/bareos-17.2.7/src/lib/attr.c:196:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wherelen = strlen(jcr->where);
data/bareos-17.2.7/src/lib/bpipe.c:478:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg3(1900, "resadr=0x%x reslen=%d res=%s\n", results, strlen(results), results);
data/bareos-17.2.7/src/lib/breg.c:217:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fname);
data/bareos-17.2.7/src/lib/breg.c:231:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Dmsg2(500, "bregexp: len = %i, result_len = %i\n", len, strlen(result));
data/bareos-17.2.7/src/lib/breg.c:283:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(fname) + 1;
data/bareos-17.2.7/src/lib/breg.c:358:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = ((strip_prefix?strlen(strip_prefix)+strlen(str_strip_prefix):0) +
data/bareos-17.2.7/src/lib/breg.c:358:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = ((strip_prefix?strlen(strip_prefix)+strlen(str_strip_prefix):0) +
data/bareos-17.2.7/src/lib/breg.c:359:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_prefix?strlen(add_prefix)+strlen(str_add_prefix) :0) +
data/bareos-17.2.7/src/lib/breg.c:359:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_prefix?strlen(add_prefix)+strlen(str_add_prefix) :0) +
data/bareos-17.2.7/src/lib/breg.c:360:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_suffix?strlen(add_suffix)+strlen(str_add_suffix) :0) )
data/bareos-17.2.7/src/lib/breg.c:360:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(add_suffix?strlen(add_suffix)+strlen(str_add_suffix) :0) )
data/bareos-17.2.7/src/lib/bregex.c:1082:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen((char *)regex);
data/bareos-17.2.7/src/lib/bregex.c:1497:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(string);
data/bareos-17.2.7/src/lib/bregex.c:1940:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((const char *)str);
data/bareos-17.2.7/src/lib/bsnprintf.c:431:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strln = strlen(value);
data/bareos-17.2.7/src/lib/bsnprintf.c:472:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strln = wcslen(value);
data/bareos-17.2.7/src/lib/bsnprintf.c:739:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_length = strlen(result);
data/bareos-17.2.7/src/lib/bsock.c:147:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nbytes = read(m_spool_fd, (char *)&pktsiz, sizeof(int32_t))) == sizeof(int32_t)) {
data/bareos-17.2.7/src/lib/bsock.c:155:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = read(m_spool_fd, msg, msglen);
data/bareos-17.2.7/src/lib/bsock_tcp.c:48:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define socketRead(fd, buf, len) ::read(fd, buf, len)
data/bareos-17.2.7/src/lib/bsys.c:58:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pathname, working_directory, strlen(working_directory)) != 0) {
data/bareos-17.2.7/src/lib/bsys.c:220:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/bareos-17.2.7/src/lib/bsys.c:246:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, maxlen - 1);
data/bareos-17.2.7/src/lib/bsys.c:256:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src.c_str(), maxlen - 1);
data/bareos-17.2.7/src/lib/bsys.c:268:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dest);
data/bareos-17.2.7/src/lib/bsys.c:270:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest + len, src, maxlen - len - 1);
data/bareos-17.2.7/src/lib/bsys.c:283:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dest);
data/bareos-17.2.7/src/lib/bsys.c:285:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest + len, src.c_str(), maxlen - (len + 1));
data/bareos-17.2.7/src/lib/bsys.c:590:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(pidfd, &pidbuf, sizeof(pidbuf)) < 0 ||
data/bareos-17.2.7/src/lib/bsys.c:696:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = read(sfd, &hdr, hdr_size)) != hdr_size) {
data/bareos-17.2.7/src/lib/bsys.c:798:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#undef fgetc
data/bareos-17.2.7/src/lib/bsys.c:807:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bareos-17.2.7/src/lib/bsys.c:819:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bareos-17.2.7/src/lib/bsys.c:850:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bareos-17.2.7/src/lib/bsys.c:870:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fd);
data/bareos-17.2.7/src/lib/bsys.c:902:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *escaped_path = (char *)bmalloc(2 * (strlen(file_path) + 1));
data/bareos-17.2.7/src/lib/bsys.c:922:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || !strlen(path)) {
data/bareos-17.2.7/src/lib/bsys.c:938:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || !strlen(path)) {
data/bareos-17.2.7/src/lib/bsys.c:956:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || !strlen(path)) {
data/bareos-17.2.7/src/lib/bsys.c:975:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) >= 3) {
data/bareos-17.2.7/src/lib/bsys.c:998:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(path) - 1;
data/bareos-17.2.7/src/lib/bsys.c:1022:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = path.strlen();
data/bareos-17.2.7/src/lib/bsys.c:1053:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(path);
data/bareos-17.2.7/src/lib/bsys.c:1054:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
required_length = path_len + 1 + strlen(extra);
data/bareos-17.2.7/src/lib/bsys.c:1067:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(path + path_len, extra, strlen(extra) + 1);
data/bareos-17.2.7/src/lib/bsys.c:1080:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
required_length = path.strlen() + 1 + strlen(extra);
data/bareos-17.2.7/src/lib/bsys.c:1080:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
required_length = path.strlen() + 1 + strlen(extra);
data/bareos-17.2.7/src/lib/bsys.c:1137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(apath);
data/bareos-17.2.7/src/lib/bsys.c:1268:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_buffer[i] = (char *)actuallymalloc(len = strlen(linebuffer) + 1);
data/bareos-17.2.7/src/lib/bsys.c:1277:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ret_buffer[i]) + 1;
data/bareos-17.2.7/src/lib/bsys.c:1401:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(function, begin, sz - 3);
data/bareos-17.2.7/src/lib/cram-md5.c:90:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal.c_str(), strlen(chal.c_str()), (uint8_t *)password, strlen(password), hmac);
data/bareos-17.2.7/src/lib/cram-md5.c:90:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal.c_str(), strlen(chal.c_str()), (uint8_t *)password, strlen(password), hmac);
data/bareos-17.2.7/src/lib/cram-md5.c:136:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal.c_str(), strlen(chal.c_str()), (uint8_t *)password, strlen(password), hmac);
data/bareos-17.2.7/src/lib/cram-md5.c:136:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((uint8_t *)chal.c_str(), strlen(chal.c_str()), (uint8_t *)password, strlen(password), hmac);
data/bareos-17.2.7/src/lib/crypto.c:121:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(buf));
data/bareos-17.2.7/src/lib/crypto_cache.c:59:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = read(fd, &hdr, hdr_size)) != hdr_size) {
data/bareos-17.2.7/src/lib/crypto_cache.c:88:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, cce, sizeof(crypto_cache_entry_t)) == sizeof(crypto_cache_entry_t)) {
data/bareos-17.2.7/src/lib/crypto_cache.c:338:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_vol_length = strlen(_("Volumename"));
data/bareos-17.2.7/src/lib/crypto_cache.c:339:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_key_length = strlen(_("EncryptionKey"));
data/bareos-17.2.7/src/lib/crypto_cache.c:341:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cce->VolumeName) > max_vol_length) {
data/bareos-17.2.7/src/lib/crypto_cache.c:342:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_vol_length = strlen(cce->VolumeName);
data/bareos-17.2.7/src/lib/crypto_cache.c:345:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cce->EncryptionKey) > max_key_length) {
data/bareos-17.2.7/src/lib/crypto_cache.c:346:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_key_length = strlen(cce->EncryptionKey);
data/bareos-17.2.7/src/lib/crypto_wrap.c:87:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_data.size = strlen((char *)kek);
data/bareos-17.2.7/src/lib/crypto_wrap.c:157:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_data.size = strlen((char *)kek);
data/bareos-17.2.7/src/lib/daemon.c:104:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldmask = umask(026);
data/bareos-17.2.7/src/lib/daemon.c:106:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldmask);
data/bareos-17.2.7/src/lib/devlock.c:63:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = pthread_cond_init(&rwl->read, NULL)) != 0) {
data/bareos-17.2.7/src/lib/devlock.c:68:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_destroy(&rwl->read);
data/bareos-17.2.7/src/lib/devlock.c:115:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status1 = pthread_cond_destroy(&rwl->read);
data/bareos-17.2.7/src/lib/devlock.c:170:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = pthread_cond_wait(&rwl->read, &rwl->mutex);
data/bareos-17.2.7/src/lib/devlock.c:335:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = pthread_cond_broadcast(&rwl->read);
data/bareos-17.2.7/src/lib/devlock.h:46:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_t read; /* wait for read */
data/bareos-17.2.7/src/lib/dlist.c:337:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return new_dlistString(str, strlen(str));
data/bareos-17.2.7/src/lib/edit.c:220:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bareos-17.2.7/src/lib/edit.c:331:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_len = strlen(mod_str);
data/bareos-17.2.7/src/lib/edit.c:393:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (val == 0 && strlen(buf) == 0) {
data/bareos-17.2.7/src/lib/edit.c:441:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_len = strlen(mod_str);
data/bareos-17.2.7/src/lib/edit.c:660:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/bareos-17.2.7/src/lib/jcr.c:145:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &num, sizeof(num)) != sizeof(num)) {
data/bareos-17.2.7/src/lib/jcr.c:154:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &job, sizeof(job)) != sizeof(job)) {
data/bareos-17.2.7/src/lib/jcr.c:838:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(Job);
data/bareos-17.2.7/src/lib/mem_pool.c:521:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm);
data/bareos-17.2.7/src/lib/mem_pool.c:526:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:534:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm);
data/bareos-17.2.7/src/lib/mem_pool.c:535:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str.c_str()) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:544:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm.c_str());
data/bareos-17.2.7/src/lib/mem_pool.c:549:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:557:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen(pm->c_str());
data/bareos-17.2.7/src/lib/mem_pool.c:562:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:578:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:586:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str.c_str()) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:599:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:611:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:696:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pmlen = strlen();
data/bareos-17.2.7/src/lib/mem_pool.c:701:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ::strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.c:718:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ::strlen(str) + 1;
data/bareos-17.2.7/src/lib/mem_pool.h:110:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen() { return ::strlen(mem); };
data/bareos-17.2.7/src/lib/mem_pool.h:110:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen() { return ::strlen(mem); };
data/bareos-17.2.7/src/lib/message.c:223:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(l) + 1;
data/bareos-17.2.7/src/lib/message.c:233:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exepath = (char *)malloc(strlen(argv[0]) + 1 + len);
data/bareos-17.2.7/src/lib/message.c:241:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exepath = (char *)malloc(strlen(cpath) + 1 + len);
data/bareos-17.2.7/src/lib/message.c:834:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, len);
data/bareos-17.2.7/src/lib/message.c:959:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dtlen = strlen(dt);
data/bareos-17.2.7/src/lib/message.c:986:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/bareos-17.2.7/src/lib/message.c:1089:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg) + dtlen;
data/bareos-17.2.7/src/lib/message.c:1167:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((basename = bstrrpath(pathname, pathname+strlen(pathname))) == pathname) {
data/bareos-17.2.7/src/lib/output_formatter.c:371:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rewrap_string.check_size(string.strlen() * 2);
data/bareos-17.2.7/src/lib/output_formatter.c:620:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = result_message_plain->strlen();
data/bareos-17.2.7/src/lib/output_formatter.c:862:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/bareos-17.2.7/src/lib/parse_conf.c:903:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (resourcetype_lowercase.strlen() <= 0) {
data/bareos-17.2.7/src/lib/passphrase.c:100:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vc_len = strlen(valid_chars);
data/bareos-17.2.7/src/lib/passphrase.c:140:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vc_len = strlen(valid_chars);
data/bareos-17.2.7/src/lib/path_list.c:95:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/bareos-17.2.7/src/lib/plugins.c:43:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(dirent) (strlen((dirent)->d_name))
data/bareos-17.2.7/src/lib/plugins.c:224:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(plugin_dir);
data/bareos-17.2.7/src/lib/plugins.c:304:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(result->d_name);
data/bareos-17.2.7/src/lib/plugins.c:305:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_len = strlen(type);
data/bareos-17.2.7/src/lib/res.c:1450:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, msgres->mail_cmd, strlen(msgres->mail_cmd));
data/bareos-17.2.7/src/lib/res.c:1458:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, msgres->operator_cmd, strlen(msgres->operator_cmd));
data/bareos-17.2.7/src/lib/res.c:1466:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_string(esc, msgres->timestamp_format, strlen(msgres->timestamp_format));
data/bareos-17.2.7/src/lib/rwlock.c:51:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = pthread_cond_init(&rwl->read, NULL)) != 0) {
data/bareos-17.2.7/src/lib/rwlock.c:56:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_destroy(&rwl->read);
data/bareos-17.2.7/src/lib/rwlock.c:102:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status1 = pthread_cond_destroy(&rwl->read);
data/bareos-17.2.7/src/lib/rwlock.c:153:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = pthread_cond_wait(&rwl->read, &rwl->mutex);
data/bareos-17.2.7/src/lib/rwlock.c:311:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = pthread_cond_broadcast(&rwl->read);
data/bareos-17.2.7/src/lib/rwlock.h:37:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pthread_cond_t read; /* wait for read */
data/bareos-17.2.7/src/lib/scan.c:57:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd + strlen(cmd) - 1;
data/bareos-17.2.7/src/lib/scan.c:70:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = cmd + strlen(cmd) - 1;
data/bareos-17.2.7/src/lib/scan.c:86:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dir + strlen(dir) - 1;
data/bareos-17.2.7/src/lib/scan.c:313:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = slen = strlen(fname);
data/bareos-17.2.7/src/lib/scsi_crypto.c:404:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(status);
data/bareos-17.2.7/src/lib/scsi_crypto.c:578:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(status);
data/bareos-17.2.7/src/lib/scsi_crypto.c:726:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(status);
data/bareos-17.2.7/src/lib/scsi_crypto.c:734:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(status);
data/bareos-17.2.7/src/lib/signal.c:165:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int exelen = strlen(exepath);
data/bareos-17.2.7/src/lib/signal.c:181:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(exepath, "/");
data/bareos-17.2.7/src/lib/smartall.c:512:22: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(errmsg, "\n");
data/bareos-17.2.7/src/lib/smartall.c:518:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(errmsg + strlen(errmsg), " %02X",
data/bareos-17.2.7/src/lib/smartall.c:521:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(errmsg + strlen(errmsg), " %c ",
data/bareos-17.2.7/src/lib/tcpd.h:41:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
data/bareos-17.2.7/src/lib/tree.c:208:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int path_len = strlen(path);
data/bareos-17.2.7/src/lib/tree.c:243:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(path); /* get new length */
data/bareos-17.2.7/src/lib/tree.c:347:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->fname_len = strlen(fname);
data/bareos-17.2.7/src/lib/tree.c:471:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bareos-17.2.7/src/lib/tree.c:478:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cd->fname[0] == path[0] && len == (int)strlen(cd->fname)
data/bareos-17.2.7/src/lib/unittests/base64_test.c:169:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = bin_to_base64(buf, sizeof(buf), junk, strlen(junk), true);
data/bareos-17.2.7/src/lib/unittests/dlist_test.c:272:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "a");
data/bareos-17.2.7/src/lib/unittests/passphrase_test.c:42:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwlen = strlen(password);
data/bareos-17.2.7/src/lib/util.c:213:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = resultbuffer.strlen(); len > 0; len--) {
data/bareos-17.2.7/src/lib/util.c:661:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(meta);
data/bareos-17.2.7/src/lib/util.c:736:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)GetCurrentProcessId());
data/bareos-17.2.7/src/lib/util.c:737:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)getcwd(s + strlen(s), 256);
data/bareos-17.2.7/src/lib/util.c:738:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)GetTickCount());
data/bareos-17.2.7/src/lib/util.c:740:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)li.LowPart);
data/bareos-17.2.7/src/lib/util.c:742:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)ft.dwLowDateTime);
data/bareos-17.2.7/src/lib/util.c:743:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)ft.dwHighDateTime);
data/bareos-17.2.7/src/lib/util.c:745:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GetComputerName(s + strlen(s), &length);
data/bareos-17.2.7/src/lib/util.c:747:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GetUserName(s + strlen(s), &length);
data/bareos-17.2.7/src/lib/util.c:750:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getpid());
data/bareos-17.2.7/src/lib/util.c:751:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getppid());
data/bareos-17.2.7/src/lib/util.c:752:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)getcwd(s + strlen(s), 256);
data/bareos-17.2.7/src/lib/util.c:753:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)clock());
data/bareos-17.2.7/src/lib/util.c:754:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)time(NULL));
data/bareos-17.2.7/src/lib/util.c:756:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sysinfo(SI_HW_SERIAL,s + strlen(s), 12);
data/bareos-17.2.7/src/lib/util.c:759:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t) gethostid());
data/bareos-17.2.7/src/lib/util.c:761:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gethostname(s + strlen(s), 256);
data/bareos-17.2.7/src/lib/util.c:762:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getuid());
data/bareos-17.2.7/src/lib/util.c:763:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getgid());
data/bareos-17.2.7/src/lib/util.c:766:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5c, (uint8_t *)s, strlen(s));
data/bareos-17.2.7/src/lib/util.c:768:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)((time(NULL) + 65121) ^ 0x375F));
data/bareos-17.2.7/src/lib/util.c:770:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5c, (uint8_t *)s, strlen(s));
data/bareos-17.2.7/src/lib/util.c:1013:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (const char *p = &str[strlen(str) - 1]; p >= str; p--) {
data/bareos-17.2.7/src/lib/var.c:146:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp);
data/bareos-17.2.7/src/lib/var.c:153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp);
data/bareos-17.2.7/src/lib/var.c:1395:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!tokenbuf_assign(data, buf, strlen(buf))) {
data/bareos-17.2.7/src/lmdb/mdb.c:5132:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bareos-17.2.7/src/lmdb/mdb.c:9919:18: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
my.mc_wbuf[0] = memalign(env->me_os_psize, MDB_WBUF*2);
data/bareos-17.2.7/src/lmdb/mdb.c:10148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bareos-17.2.7/src/lmdb/mdb.c:10386:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:1580:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sess->data_acb->bu_type, request->bu_type, sizeof(sess->data_acb->bu_type) - 1);
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:1643:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sess->data_acb->bu_type, request->bu_type, sizeof(sess->data_acb->bu_type) - 1);
data/bareos-17.2.7/src/ndmp/ndma_comm_dispatch.c:1805:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sess->data_acb->bu_type, request->bu_type, sizeof(sess->data_acb->bu_type) - 1);
data/bareos-17.2.7/src/ndmp/ndma_data_fh.c:115:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen (name) + 1;
data/bareos-17.2.7/src/ndmp/ndma_data_fh.c:135:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen (name) + 1;
data/bareos-17.2.7/src/ndmp/ndma_robot_simulator.c:101:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || strlen(name) > NDMOS_CONST_PATH_MAX - 1)
data/bareos-17.2.7/src/ndmp/ndmjob_args.c:688:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, d_agent, 1024);
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:296:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen (C_chdir) + 2;
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:303:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (file_arg_new[i]) + prefix_len + 1;
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:311:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (dest, "/");
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:325:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (file_arg[i]) + prefix_len + 1;
data/bareos-17.2.7/src/ndmp/ndmjob_job.c:333:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (dest, "/");
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:77:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:92:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:147:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:286:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:311:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:527:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:612:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:676:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, &gap, sizeof gap);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:690:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ta->tape_fd, buf, nb);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:946:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ta->tape_fd, buf, nb);
data/bareos-17.2.7/src/ndmp/ndmjob_simulator.c:1048:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, (void *)rs, sizeof(*rs)) < sizeof(*rs)) {
data/bareos-17.2.7/src/ndmp/ndml_agent.c:101:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (agent->host, str, NDMAGENT_HOST_MAX-1);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:162:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (agent->account, acct, NDMAGENT_ACCOUNT_MAX-1);
data/bareos-17.2.7/src/ndmp/ndml_agent.c:164:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (agent->password, pass,
data/bareos-17.2.7/src/ndmp/ndml_bstf.c:281:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF) {
data/bareos-17.2.7/src/ndmp/ndml_bstf.c:327:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF) {
data/bareos-17.2.7/src/ndmp/ndml_chan.c:294:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (ch->fd, &ch->data[ch->end_ix], len);
data/bareos-17.2.7/src/ndmp/ndml_conn.c:942:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (conn->chan.fd, buf, len);
data/bareos-17.2.7/src/ndmp/ndml_md5.c:109:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pwlength = strlen (clear_text_password);
data/bareos-17.2.7/src/ndmp/ndml_scsi.c:68:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (str) >= NDMOS_CONST_PATH_MAX) {
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:52:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (fp);
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:64:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF && c != '\n')
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:71:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF && c != '\n') {
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:86:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (fp);
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:95:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF && c != '\n')
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:101:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF && c != '\n' && c != ']') {
data/bareos-17.2.7/src/ndmp/ndml_stzf.c:109:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF && c != '\n')
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2277:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name3->destination_dir, cnt);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2298:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name3->new_name, cnt);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2310:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name3->new_name, cnt);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2318:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name3->original_path, cnt);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2354:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen = strlen(name9->original_path);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2355:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(name9->destination_path);
data/bareos-17.2.7/src/ndmp/ndmp3_translate.c:2362:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, name9->destination_path, offset);
data/bareos-17.2.7/src/ndmp/ndmp4_pp.c:99:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (NDMOS_API_STREND(buf), ")");
data/bareos-17.2.7/src/ndmp/wraplib.c:1287:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (wccb->data_conn_fd, have_end, n_read);
data/bareos-17.2.7/src/plugins/dird/python-dir.c:423:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:491:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) > 512) {
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:587:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:587:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
omsg = (char*)malloc(strlen(imsg) + (w_count * (strlen(p_ctx->where)-2)) - r_count + 1);
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:713:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argument) == 0) {
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:718:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncasecmp(argument, plugin_arguments[i].name, strlen(plugin_arguments[i].name))) {
data/bareos-17.2.7/src/plugins/filed/bpipe-fd.c:745:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:922:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1087:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p_ctx->basedir && strlen(p_ctx->basedir) > 0) {
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1281:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_list_add(p_ctx->path_list, strlen(directory), directory);
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1309:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_list_add(p_ctx->path_list, strlen(directory), directory);
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1431:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parent_dir.c_str())) {
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1686:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expected_serialize_len = strlen(xattr_acl_skiplist[cnt]) + xattr_value_length + 4;
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1688:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xattr_acl_skiplist[cnt], strlen(xattr_acl_skiplist[cnt]),
data/bareos-17.2.7/src/plugins/filed/cephfs-fd.c:1888:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xp->name_length = strlen(xp->name) + 1;
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:693:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p_ctx->basedir && !bstrncmp(p_ctx->basedir, p_ctx->next_filename, strlen(p_ctx->basedir))) {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1144:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1250:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(new_directory.c_str());
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1261:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_directory.c_str()) &&
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1286:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_list_add(p_ctx->path_list, strlen(directory), directory);
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1701:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p_ctx->basedir && strlen(p_ctx->basedir) > 0) {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:1963:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parent_dir.c_str())) {
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2220:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expected_serialize_len = strlen(xattr_acl_skiplist[cnt]) + xattr_value_length + 4;
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2222:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xattr_acl_skiplist[cnt], strlen(xattr_acl_skiplist[cnt]),
data/bareos-17.2.7/src/plugins/filed/gfapi-fd.c:2423:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xp->name_length = strlen(xp->name) + 1;
data/bareos-17.2.7/src/plugins/filed/python-fd.c:935:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p_ctx->plugin_options);
data/bareos-17.2.7/src/plugins/filed/python-fd.c:971:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/rados-fd.c:613:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/filed/rados-fd.c:1186:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xp->name_length = strlen(xattr_name) + 1;
data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c:566:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->object_len = strlen(sp->object)+1+6+1; /* str + 0 + secret + 0 */
data/bareos-17.2.7/src/plugins/filed/test-plugin-fd.c:693:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) > 512) {
data/bareos-17.2.7/src/plugins/stored/python-sd.c:443:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/plugins/stored/scsicrypto-sd.c:372:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_to_bin(VolEncrKey, sizeof(VolEncrKey), StoredVolEncrKey, strlen(StoredVolEncrKey));
data/bareos-17.2.7/src/stored/ansi_label.c:81:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = dev->read(label, sizeof(label));
data/bareos-17.2.7/src/stored/ansi_label.c:318:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(VolName);
data/bareos-17.2.7/src/stored/askdir.c:727:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bareos-17.2.7/src/stored/authenticate.c:73:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "Hello Director %127s calling", dirname) != 1) {
data/bareos-17.2.7/src/stored/autochanger.c:752:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir->msglen = strlen(dir->msg);
data/bareos-17.2.7/src/stored/autochanger.c:842:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir->msglen = strlen(dir->msg);
data/bareos-17.2.7/src/stored/backends/droplet_device.c:677:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(profile);
data/bareos-17.2.7/src/stored/backends/generic_tape_device.c:493:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = this->read((char *)rbuf, rbuf_len)) < 0) {
data/bareos-17.2.7/src/stored/backends/generic_tape_device.c:1459:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bareos-17.2.7/src/stored/backends/gfapi_device.c:273:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(new_directory.c_str());
data/bareos-17.2.7/src/stored/backends/gfapi_device.c:284:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_directory.c_str()) &&
data/bareos-17.2.7/src/stored/backends/unix_fifo_device.c:310:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bareos-17.2.7/src/stored/backends/unix_file_device.c:197:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bareos-17.2.7/src/stored/backends/unix_file_device.c:269:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bareos-17.2.7/src/stored/block.c:995:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = dev->read(block->buf, (size_t)block->buf_len);
data/bareos-17.2.7/src/stored/bscan.c:473:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rop->object_name = rop->plugin_name + strlen(rop->plugin_name) + 1;
data/bareos-17.2.7/src/stored/bscan.c:474:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rop->object = rop->object_name + strlen(rop->object_name) + 1;
data/bareos-17.2.7/src/stored/btape.c:436:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, len);
data/bareos-17.2.7/src/stored/btape.c:1953:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read(dev->fd(), buf, len);
data/bareos-17.2.7/src/stored/btape.c:1988:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((status = read(dev->fd(), buf, sizeof(buf))) < 0) {
data/bareos-17.2.7/src/stored/btape.c:2485:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &state_level, sizeof(btape_state_level));
data/bareos-17.2.7/src/stored/btape.c:2486:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &simple, sizeof(simple));
data/bareos-17.2.7/src/stored/btape.c:2487:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_block_num1, sizeof(last_block_num1));
data/bareos-17.2.7/src/stored/btape.c:2488:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_block_num2, sizeof(last_block_num2));
data/bareos-17.2.7/src/stored/btape.c:2489:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_file1, sizeof(last_file1));
data/bareos-17.2.7/src/stored/btape.c:2490:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &last_file2, sizeof(last_file2));
data/bareos-17.2.7/src/stored/btape.c:2491:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, last_block1->buf, last_block1->buf_len);
data/bareos-17.2.7/src/stored/btape.c:2492:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, last_block2->buf, last_block2->buf_len);
data/bareos-17.2.7/src/stored/btape.c:2493:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, first_block->buf, first_block->buf_len);
data/bareos-17.2.7/src/stored/btape.c:3046:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(stdin)) != EOF) {
data/bareos-17.2.7/src/stored/btape.c:3095:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bareos-17.2.7/src/stored/btape.c:3120:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bareos-17.2.7/src/stored/butil.c:120:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(VolumeName) >= MAX_NAME_LENGTH) {
data/bareos-17.2.7/src/stored/butil.c:129:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dev_name + strlen(dev_name);
data/bareos-17.2.7/src/stored/butil.c:249:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(device_name);
data/bareos-17.2.7/src/stored/crc32.c:449:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = bcrc32((unsigned char *)buf, strlen(buf));
data/bareos-17.2.7/src/stored/dev.c:249:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->dev_name = get_memory(strlen(device->device_name) + 1);
data/bareos-17.2.7/src/stored/dev.c:252:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->dev_options = get_memory(strlen(device->device_options) + 1);
data/bareos-17.2.7/src/stored/dev.c:255:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->prt_name = get_memory(strlen(device->device_name) + strlen(device->name()) + 20);
data/bareos-17.2.7/src/stored/dev.c:255:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev->prt_name = get_memory(strlen(device->device_name) + strlen(device->name()) + 20);
data/bareos-17.2.7/src/stored/dev.c:643:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
data/bareos-17.2.7/src/stored/dev.c:1161:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t DEVICE::read(void *buf, size_t len)
data/bareos-17.2.7/src/stored/dev.h:473:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(void *buf, size_t len);
data/bareos-17.2.7/src/stored/dir_cmd.c:307:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncmp(cmds[i].cmd, dir->msg, strlen(cmds[i].cmd))) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1351:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(dir->msg, "autochanger listall %127s", devname.c_str()) == 1) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1354:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger list %127s", devname.c_str()) == 1) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1357:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger slots %127s", devname.c_str()) == 1) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1360:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger drives %127s", devname.c_str()) == 1) {
data/bareos-17.2.7/src/stored/dir_cmd.c:1363:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(dir->msg, "autochanger transfer %127s %hd %hd",
data/bareos-17.2.7/src/stored/fd_cmds.c:224:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncmp(fd_cmds[i].cmd, fd->msg, strlen(fd_cmds[i].cmd))) {
data/bareos-17.2.7/src/stored/job.c:207:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/stored/read_record.c:104:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0;
data/bareos-17.2.7/src/stored/reserve.c:78:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
data/bareos-17.2.7/src/stored/scan.c:74:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mount_point);
data/bareos-17.2.7/src/stored/scan.c:156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bareos-17.2.7/src/stored/sd_cmds.c:175:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bstrncmp(sd_cmds[i].cmd, sd->msg, strlen(sd_cmds[i].cmd))) {
data/bareos-17.2.7/src/stored/sd_plugins.c:589:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(plugin_name);
data/bareos-17.2.7/src/stored/socket_server.c:85:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "Hello Start Job %127s", name) == 1) {
data/bareos-17.2.7/src/stored/socket_server.c:93:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(bs->msg, "Hello Start Storage Job %127s", name) == 1) {
data/bareos-17.2.7/src/stored/spool.c:270:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rdev->dev_name = get_memory(strlen(spool_name)+1);
data/bareos-17.2.7/src/stored/spool.c:424:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read(dcr->spool_fd, (char *)&hdr, (size_t)rlen);
data/bareos-17.2.7/src/stored/spool.c:447:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read(dcr->spool_fd, (char *)block->buf, (size_t)rlen);
data/bareos-17.2.7/src/stored/status.c:851:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendit(msg, strlen(msg), sp);
data/bareos-17.2.7/src/stored/stored.c:546:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int my_name_len = strlen(my_name);
data/bareos-17.2.7/src/stored/stored.c:547:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(me->working_directory);
data/bareos-17.2.7/src/stored/stored.h:75:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(dirent) (strlen((dirent)->d_name))
data/bareos-17.2.7/src/tests/cats_test.c:479:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_escape_string(jcr, db, buf2, buf, strlen(buf));
data/bareos-17.2.7/src/tests/cats_test.c:480:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok((strlen(buf) + 2) == strlen(buf2),"Quoted string should be longer");
data/bareos-17.2.7/src/tests/cats_test.c:480:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok((strlen(buf) + 2) == strlen(buf2),"Quoted string should be longer");
data/bareos-17.2.7/src/tests/gigaslam.c:48:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseeko(fp, howBig - strlen(trailer), 0);
data/bareos-17.2.7/src/tests/gigaslam.c:49:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(trailer, strlen(trailer), 1, fp);
data/bareos-17.2.7/src/tests/grow.c:54:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseeko(fp, howBig - strlen(trailer), SEEK_SET);
data/bareos-17.2.7/src/tests/grow.c:55:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(trailer, strlen(trailer), 1, fp);
data/bareos-17.2.7/src/tools/bpluginfo.c:280:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirtmp, "/");
data/bareos-17.2.7/src/tools/bscrypto.c:245:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(1, new_cache_entry, sizeof(new_cache_entry)) > 0) {
data/bareos-17.2.7/src/tools/bscrypto.c:311:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(kfd, wrapdata, sizeof(wrapdata));
data/bareos-17.2.7/src/tools/bscrypto.c:413:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(kfd, keydata, sizeof(keydata));
data/bareos-17.2.7/src/tools/bscrypto.c:436:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keydata, strlen(keydata)) == 0) {
data/bareos-17.2.7/src/tools/bscrypto.c:471:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_to_bin(passphrase, length, keydata, strlen(keydata));
data/bareos-17.2.7/src/tools/bscrypto.c:535:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(kfd, keydata, sizeof(keydata));
data/bareos-17.2.7/src/tools/bsmtp.c:127:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/bareos-17.2.7/src/tools/bsmtp.c:407:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_hostname, ai->ai_canonname, sizeof(my_hostname) - 1);
data/bareos-17.2.7/src/tools/bsmtp.c:416:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_hostname, hp->h_name, sizeof(my_hostname) - 1);
data/bareos-17.2.7/src/tools/bsmtp.c:673:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/bareos-17.2.7/src/tools/smtp-orig.c:151:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = 0;
data/bareos-17.2.7/src/tools/smtp-orig.c:251:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_name, hp->h_name, sizeof(my_name) - 1);
data/bareos-17.2.7/src/tools/smtp-orig.c:347:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = 0;
data/bareos-17.2.7/src/tools/smtp-orig.c:377:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(infile)) != EOF) {
data/bareos-17.2.7/src/tools/smtp-orig.c:407:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(infile);
data/bareos-17.2.7/src/tools/smtp-orig.c:409:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(infile);
data/bareos-17.2.7/src/tools/smtp-orig.c:411:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(infile);
data/bareos-17.2.7/src/tools/smtp-orig.c:413:34: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(infile);
data/bareos-17.2.7/src/win32/compat/compat.c:387:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*fname != 0 && win32_name[-1] == '\\' && strlen (fname) != 3) {
data/bareos-17.2.7/src/win32/compat/compat.c:404:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bstrncpy(pszBuf, tname, strlen(tname)+1);
data/bareos-17.2.7/src/win32/compat/compat.c:423:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dwSize = 2 * strlen(name) + MAX_PATH;
data/bareos-17.2.7/src/win32/compat/compat.c:456:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(name) > 3 && wcsncmp(name, L"\\\\?\\", 4) == 0) {
data/bareos-17.2.7/src/win32/compat/compat.c:468:30: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwBufCharsNeeded = (wcslen(name)+7);
data/bareos-17.2.7/src/win32/compat/compat.c:602:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nParseOffset = wcslen((LPCWSTR) pwszBuf);
data/bareos-17.2.7/src/win32/compat/compat.c:608:10: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat(pwszBuf, L"\\");
data/bareos-17.2.7/src/win32/compat/compat.c:675:7: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(pszBuf, &pwszBuf[nParseOffset], wcslen(pwszBuf) + 1 - nParseOffset);
data/bareos-17.2.7/src/win32/compat/compat.c:675:47: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy(pszBuf, &pwszBuf[nParseOffset], wcslen(pwszBuf) + 1 - nParseOffset);
data/bareos-17.2.7/src/win32/compat/compat.c:733:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD cchSize = (strlen(pszUTF)+1);
data/bareos-17.2.7/src/win32/compat/compat.c:814:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (tcc->dwWin32ConvUTF8strlen == strlen(pszUTF)) {
data/bareos-17.2.7/src/win32/compat/compat.c:852:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcc->dwWin32ConvUTF8strlen = strlen(pszUTF);
data/bareos-17.2.7/src/win32/compat/compat.c:861:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int umask(int)
data/bareos-17.2.7/src/win32/compat/compat.c:1070:27: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SubstituteNameLength = wcslen( (LPWSTR)szSubstituteName) * sizeof(WCHAR);
data/bareos-17.2.7/src/win32/compat/compat.c:1071:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PrintNameLength = wcslen( (LPWSTR)szPrintName) * sizeof(WCHAR);
data/bareos-17.2.7/src/win32/compat/compat.c:1073:4: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy((LPWSTR) rdb->MountPointReparseBuffer.PathBuffer,
data/bareos-17.2.7/src/win32/compat/compat.c:1076:4: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy((LPWSTR) rdb->MountPointReparseBuffer.PathBuffer + wcslen( (LPWSTR)szSubstituteName) + 1,
data/bareos-17.2.7/src/win32/compat/compat.c:1076:63: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy((LPWSTR) rdb->MountPointReparseBuffer.PathBuffer + wcslen( (LPWSTR)szSubstituteName) + 1,
data/bareos-17.2.7/src/win32/compat/compat.c:2057:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, slt, bufsiz - 1);
data/bareos-17.2.7/src/win32/compat/compat.c:2061:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/bareos-17.2.7/src/win32/compat/compat.c:2309:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (win32_path[strlen(win32_path) - 1] != '\\') {
data/bareos-17.2.7/src/win32/compat/compat.c:3291:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwPathnameLength = strlen(pPathname);
data/bareos-17.2.7/src/win32/compat/glob.c:97:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[1 + strlen( pattern )];
data/bareos-17.2.7/src/win32/compat/glob.c:567:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define D_NAMLEN( entry ) (strlen( (entry)->d_name ))
data/bareos-17.2.7/src/win32/compat/glob.c:758:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char dirbuf[1 + strlen( pattern )];
data/bareos-17.2.7/src/win32/compat/glob.c:808:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *tail = pattern + strlen( dir );
data/bareos-17.2.7/src/win32/compat/glob.c:851:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dirlen = (dir == NULL) ? 0 : strlen( *dirp );
data/bareos-17.2.7/src/win32/filed/vss.c:164:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bIsValidName = strlen(szFilePath) > 3;
data/bareos-17.2.7/src/win32/filed/vss.c:175:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nBuflen -= (int)strlen(szShadowPath);
data/bareos-17.2.7/src/win32/filed/vss.c:197:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bIsValidName = wcslen(szFilePath) > 3;
data/bareos-17.2.7/src/win32/filed/vss.c:206:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(szShadowPath, m_szShadowCopyName[nDriveIndex], nBuflen);
data/bareos-17.2.7/src/win32/filed/vss.c:207:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nBuflen -= (int)wcslen(m_szShadowCopyName[nDriveIndex]);
data/bareos-17.2.7/src/win32/filed/vss.c:208:10: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
wcsncat(szShadowPath, szFilePath+2, nBuflen);
data/bareos-17.2.7/src/win32/filed/vss.c:213:4: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(szShadowPath, szFilePath, nBuflen);
data/bareos-17.2.7/src/win32/filed/vss_generic.c:243:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(str) + 1;
data/bareos-17.2.7/src/win32/filed/vss_generic.c:314:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(volumepath) + 1;
data/bareos-17.2.7/src/win32/filed/vss_generic.c:651:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen (szDriveLetters); i++) {
data/bareos-17.2.7/src/win32/filed/vss_generic.c:668:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(m_wszUniqueVolumeName[szDriveLetters[i]-'A'], (LPWSTR)volume.c_str(), MAX_PATH);
data/bareos-17.2.7/src/win32/filed/vss_generic.c:698:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(volume) + 1;
data/bareos-17.2.7/src/win32/filed/vss_generic.c:1003:16: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(m_szShadowCopyName[ch],Snap.m_pwszSnapshotDeviceObject, MAX_PATH-1);
data/bareos-17.2.7/src/win32/findlib/win32.c:123:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) >= 2 && B_ISALPHA(fname[0]) && fname[1] == ':') {
data/bareos-17.2.7/src/win32/findlib/win32.c:288:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (bp && strlen(bp) > 0) {
data/bareos-17.2.7/src/win32/findlib/win32.c:484:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(expandedKey.c_str()) <= 1) {
data/bareos-17.2.7/src/win32/generic/main.c:188:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int)strlen(cmdLine); i++) {
data/bareos-17.2.7/src/win32/generic/main.c:666:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(osvi.szCSDVersion) > 0) {
data/bareos-17.2.7/src/win32/generic/service.c:273:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(path) + (int)strlen(cmdOpts) + 30 < maxlen) {
data/bareos-17.2.7/src/win32/generic/service.c:273:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(path) + (int)strlen(cmdOpts) + 30 < maxlen) {
data/bareos-17.2.7/src/win32/generic/service.c:352:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char *)svcmd, strlen(svcmd)+1) != ERROR_SUCCESS) {
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:636:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bp) == 0) {
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1542:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->status = read(p_ctx->RestoreFD, io->buf, io->count);
data/bareos-17.2.7/src/win32/plugins/filed/mssqlvdi-fd.c:1896:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rp->where) > 0) {
data/bareos-17.2.7/src/win32/stored/backends/win32_fifo_device.c:317:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c:203:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::read(fd, buffer, count);
data/bareos-17.2.7/src/win32/stored/backends/win32_file_device.c:257:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!IsPathSeparator(archive_name.c_str()[strlen(archive_name.c_str())-1])) {
ANALYSIS SUMMARY:
Hits = 3468
Lines analyzed = 340551 in approximately 8.84 seconds (38525 lines/second)
Physical Source Lines of Code (SLOC) = 235585
Hits@level = [0] 1053 [1] 714 [2] 2153 [3] 56 [4] 530 [5] 15
Hits@level+ = [0+] 4521 [1+] 3468 [2+] 2754 [3+] 601 [4+] 545 [5+] 15
Hits/KSLOC@level+ = [0+] 19.1905 [1+] 14.7208 [2+] 11.69 [3+] 2.5511 [4+] 2.31339 [5+] 0.0636713
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.