Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bopm-3.1.3/src/firedns.h
Examining data/bopm-3.1.3/src/config.h
Examining data/bopm-3.1.3/src/negcache.h
Examining data/bopm-3.1.3/src/main.h
Examining data/bopm-3.1.3/src/dnsbl.c
Examining data/bopm-3.1.3/src/log.h
Examining data/bopm-3.1.3/src/list.c
Examining data/bopm-3.1.3/src/libopm/src/libopm.c
Examining data/bopm-3.1.3/src/libopm/src/compat.c
Examining data/bopm-3.1.3/src/libopm/src/opm.h
Examining data/bopm-3.1.3/src/libopm/src/test.c
Examining data/bopm-3.1.3/src/libopm/src/setup.h
Examining data/bopm-3.1.3/src/libopm/src/proxy.c
Examining data/bopm-3.1.3/src/libopm/src/malloc.h
Examining data/bopm-3.1.3/src/libopm/src/config.c
Examining data/bopm-3.1.3/src/libopm/src/libopm.h
Examining data/bopm-3.1.3/src/libopm/src/opm_types.h
Examining data/bopm-3.1.3/src/libopm/src/list.c
Examining data/bopm-3.1.3/src/libopm/src/proxy.h
Examining data/bopm-3.1.3/src/libopm/src/snprintf.c
Examining data/bopm-3.1.3/src/libopm/src/config.h
Examining data/bopm-3.1.3/src/libopm/src/opm_common.h
Examining data/bopm-3.1.3/src/libopm/src/opm_error.h
Examining data/bopm-3.1.3/src/libopm/src/compat.h
Examining data/bopm-3.1.3/src/libopm/src/malloc.c
Examining data/bopm-3.1.3/src/libopm/src/inet.h
Examining data/bopm-3.1.3/src/libopm/src/inet.c
Examining data/bopm-3.1.3/src/libopm/src/list.h
Examining data/bopm-3.1.3/src/opercmd.h
Examining data/bopm-3.1.3/src/compat.c
Examining data/bopm-3.1.3/src/irc.c
Examining data/bopm-3.1.3/src/config.c
Examining data/bopm-3.1.3/src/log.c
Examining data/bopm-3.1.3/src/irc.h
Examining data/bopm-3.1.3/src/setup.h
Examining data/bopm-3.1.3/src/main.c
Examining data/bopm-3.1.3/src/snprintf.c
Examining data/bopm-3.1.3/src/inet.h
Examining data/bopm-3.1.3/src/malloc.c
Examining data/bopm-3.1.3/src/config-parser.h
Examining data/bopm-3.1.3/src/config-parser.c
Examining data/bopm-3.1.3/src/match.h
Examining data/bopm-3.1.3/src/negcache.c
Examining data/bopm-3.1.3/src/match.c
Examining data/bopm-3.1.3/src/compat.h
Examining data/bopm-3.1.3/src/dnsbl.h
Examining data/bopm-3.1.3/src/scan.c
Examining data/bopm-3.1.3/src/stats.h
Examining data/bopm-3.1.3/src/opercmd.c
Examining data/bopm-3.1.3/src/scan.h
Examining data/bopm-3.1.3/src/defs.h
Examining data/bopm-3.1.3/src/config-lexer.c
Examining data/bopm-3.1.3/src/extern.h
Examining data/bopm-3.1.3/src/list.h
Examining data/bopm-3.1.3/src/misc.c
Examining data/bopm-3.1.3/src/stats.c
Examining data/bopm-3.1.3/src/inet.c
Examining data/bopm-3.1.3/src/misc.h
Examining data/bopm-3.1.3/src/options.h
Examining data/bopm-3.1.3/src/firedns.c
Examining data/bopm-3.1.3/src/malloc.h

FINAL RESULTS:

data/bopm-3.1.3/src/irc.c:312:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
      strncat(IRC_CHANNELS, chan->name, MSGLENMAX);
data/bopm-3.1.3/src/irc.c:315:10:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
         strncat(IRC_CHANNELS, ",", MSGLENMAX);
data/bopm-3.1.3/src/compat.h:15:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/bopm-3.1.3/src/compat.h:16:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf bopm_snprintf
data/bopm-3.1.3/src/compat.h:20:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/bopm-3.1.3/src/compat.h:21:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf bopm_vsnprintf
data/bopm-3.1.3/src/config-lexer.c:1281:28:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                           strcpy(linebuf, yytext+1); 
data/bopm-3.1.3/src/config-parser.c:967:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/bopm-3.1.3/src/dnsbl.c:261:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
   if ((fp = popen(cmdbuf, "w")) == NULL)
data/bopm-3.1.3/src/inet.c:195:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   return strcpy(dst, inetntoa((char *) src));
data/bopm-3.1.3/src/inet.c:301:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   return strcpy(dst, tmp);
data/bopm-3.1.3/src/inet.c:549:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp, "::ffff:%s", src);
data/bopm-3.1.3/src/irc.c:342:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
   vsnprintf(data2, MSGLENMAX, data, arglist);
data/bopm-3.1.3/src/irc.c:376:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
   vsnprintf(data2, MSGLENMAX, data, arglist);
data/bopm-3.1.3/src/irc.c:570:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(msg, IRC_RAW);
data/bopm-3.1.3/src/libopm/src/compat.h:15:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/bopm-3.1.3/src/libopm/src/compat.h:16:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf libopm_snprintf
data/bopm-3.1.3/src/libopm/src/compat.h:20:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef vsnprintf
data/bopm-3.1.3/src/libopm/src/compat.h:21:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf libopm_vsnprintf
data/bopm-3.1.3/src/libopm/src/inet.c:203:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    return strcpy(dst, inetntoa((char *) src));
data/bopm-3.1.3/src/libopm/src/inet.c:297:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    return strcpy(dst, tmp);
data/bopm-3.1.3/src/libopm/src/inet.c:523:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(tmp, "::ffff:%s", src);
data/bopm-3.1.3/src/libopm/src/snprintf.c:865:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);
data/bopm-3.1.3/src/libopm/src/snprintf.c:869:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg);  break;
data/bopm-3.1.3/src/libopm/src/snprintf.c:870:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;
data/bopm-3.1.3/src/libopm/src/snprintf.c:872:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;
data/bopm-3.1.3/src/libopm/src/snprintf.c:878:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg);  break;
data/bopm-3.1.3/src/libopm/src/snprintf.c:879:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;
data/bopm-3.1.3/src/libopm/src/snprintf.c:881:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;
data/bopm-3.1.3/src/log.c:96:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
   vsnprintf(data2, 512, data, arglist);
data/bopm-3.1.3/src/log.h:9:63:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
extern void log_printf(char *data, ...) __attribute__((format(printf,1,2)));
data/bopm-3.1.3/src/malloc.c:79:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(x, y);
data/bopm-3.1.3/src/scan.c:966:28:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                           strcat(message, (char *) table[i].data);
data/bopm-3.1.3/src/snprintf.c:865:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);
data/bopm-3.1.3/src/snprintf.c:869:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg);  break;
data/bopm-3.1.3/src/snprintf.c:870:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;
data/bopm-3.1.3/src/snprintf.c:872:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;
data/bopm-3.1.3/src/snprintf.c:878:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg);  break;
data/bopm-3.1.3/src/snprintf.c:879:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;
data/bopm-3.1.3/src/snprintf.c:881:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;
data/bopm-3.1.3/src/firedns.c:183:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
   srand((unsigned int) time(NULL));
data/bopm-3.1.3/src/main.c:90:11:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      c = getopt(argc, argv, "dc:");
data/bopm-3.1.3/src/config-lexer.c:659:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char linebuf[512];
data/bopm-3.1.3/src/config-lexer.c:1224:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           yylval.number=atoi(yytext); 
data/bopm-3.1.3/src/config-parser.c:1264:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/bopm-3.1.3/src/config-parser.c:1281:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char yyformat[sizeof yyunexpected
data/bopm-3.1.3/src/config-parser.c:1449:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/bopm-3.1.3/src/config.c:72:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   if((yyin = fopen(filename, "r")) == NULL)
data/bopm-3.1.3/src/config.h:10:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char linebuf[512];
data/bopm-3.1.3/src/dnsbl.c:61:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lookup[128];
data/bopm-3.1.3/src/dnsbl.c:110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char text_type[128];
data/bopm-3.1.3/src/dnsbl.c:237:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[4096], cmdbuf[512];
data/bopm-3.1.3/src/firedns.c:103:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char id[2];
data/bopm-3.1.3/src/firedns.c:110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lookup[256];
data/bopm-3.1.3/src/firedns.c:128:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char id[2];
data/bopm-3.1.3/src/firedns.c:147:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char payload[512];
data/bopm-3.1.3/src/firedns.c:169:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[1024];
data/bopm-3.1.3/src/firedns.c:190:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen(FDNS_CONFIG_PREF,"r");
data/bopm-3.1.3/src/firedns.c:193:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen(FDNS_CONFIG_FBCK,"r");
data/bopm-3.1.3/src/firedns.c:213:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&servers6[i6++],&addr6,sizeof(struct in6_addr));
data/bopm-3.1.3/src/firedns.c:222:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&servers4[i4++],&addr4,sizeof(struct in_addr));
data/bopm-3.1.3/src/firedns.c:239:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(&servers6[i6++], &addr6, sizeof(struct in6_addr));
data/bopm-3.1.3/src/firedns.c:247:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(&servers4[i4++],&addr4,sizeof(struct in_addr));
data/bopm-3.1.3/src/firedns.c:409:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&payload[payloadpos],tempchr2,l);
data/bopm-3.1.3/src/firedns.c:419:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&payload[payloadpos],tempchr2,l);
data/bopm-3.1.3/src/firedns.c:426:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&payload[payloadpos],&l,2);
data/bopm-3.1.3/src/firedns.c:428:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&payload[payloadpos + 2],&l,2);
data/bopm-3.1.3/src/firedns.c:450:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(h->id, s->id, 2);
data/bopm-3.1.3/src/firedns.c:539:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(addr6.sin6_addr.s6_addr,"\0\0\0\0\0\0\0\0\0\0\xff\xff",12);
data/bopm-3.1.3/src/firedns.c:540:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&addr6.sin6_addr.s6_addr[12],&servers4[i].s_addr,4);
data/bopm-3.1.3/src/firedns.c:712:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(result.text,&h.payload[i],rr->rdlength);
data/bopm-3.1.3/src/firedns.h:32:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char   s6_addr[16];
data/bopm-3.1.3/src/firedns.h:82:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char text[1024];
data/bopm-3.1.3/src/firedns.h:83:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lookup[256];
data/bopm-3.1.3/src/inet.c:118:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char buf[16];
data/bopm-3.1.3/src/inet.c:215:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
data/bopm-3.1.3/src/inet.c:285:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      tp += sprintf(tp, "%x", words[i]);
data/bopm-3.1.3/src/inet.c:378:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char tmp[INADDRSZ], *tp;
data/bopm-3.1.3/src/inet.c:412:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(dst, tmp, INADDRSZ);
data/bopm-3.1.3/src/inet.c:436:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/bopm-3.1.3/src/inet.c:528:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(dst, tmp, IN6ADDRSZ);
data/bopm-3.1.3/src/inet.c:548:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmp[HOSTIPLEN];
data/bopm-3.1.3/src/irc.c:105:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char                 IRC_RAW[MSGLENMAX];         /* Buffer to read data into              */
data/bopm-3.1.3/src/irc.c:106:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char                 IRC_SENDBUFF[MSGLENMAX];    /* Send buffer                           */
data/bopm-3.1.3/src/irc.c:107:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char                 IRC_CHANNELS[MSGLENMAX];    /* Stores comma delim list of channels   */
data/bopm-3.1.3/src/irc.c:338:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char    data2[MSGLENMAX];
data/bopm-3.1.3/src/irc.c:339:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char    tosend[MSGLENMAX];
data/bopm-3.1.3/src/irc.c:372:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char    data2[MSGLENMAX];
data/bopm-3.1.3/src/irc.c:373:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char    tosend[MSGLENMAX];
data/bopm-3.1.3/src/irc.c:555:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char            *parv[17];
data/bopm-3.1.3/src/irc.c:557:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char             msg[MSGLENMAX];    /* Temporarily stores IRC msg to pass to handlers */
data/bopm-3.1.3/src/irc.c:1000:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char errmsg[256];
data/bopm-3.1.3/src/irc.c:1003:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char *user[4];
data/bopm-3.1.3/src/libopm/src/inet.c:125:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[16];
data/bopm-3.1.3/src/libopm/src/inet.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
data/bopm-3.1.3/src/libopm/src/inet.c:282:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        tp += sprintf(tp, "%x", words[i]);
data/bopm-3.1.3/src/libopm/src/inet.c:373:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char tmp[INADDRSZ], *tp;
data/bopm-3.1.3/src/libopm/src/inet.c:401:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, tmp, INADDRSZ);
data/bopm-3.1.3/src/libopm/src/inet.c:425:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/bopm-3.1.3/src/libopm/src/inet.c:505:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, tmp, IN6ADDRSZ);
data/bopm-3.1.3/src/libopm/src/inet.c:522:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmp[HOSTIPLEN];
data/bopm-3.1.3/src/libopm/src/libopm.h:37:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char               readbuf[READBUFLEN + 1]; /* 128 byte read buffer, anything over 128 is probably not of use */
data/bopm-3.1.3/src/libopm/src/proxy.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char SENDBUF[SENDBUFLEN + 1];
data/bopm-3.1.3/src/libopm/src/snprintf.c:371:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (nn >= breakeven_point) memcpy((d), (s), nn); \
data/bopm-3.1.3/src/libopm/src/snprintf.c:581:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tmp[32];/* temporary buffer for simple numeric->string conversion */
data/bopm-3.1.3/src/libopm/src/snprintf.c:859:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char f[5]; int f_l = 0;
data/bopm-3.1.3/src/log.c:49:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   logfile = fopen(filename, "a");
data/bopm-3.1.3/src/log.c:66:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   scanlogfile = fopen(filename, "a");
data/bopm-3.1.3/src/log.c:82:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char data2[513];
data/bopm-3.1.3/src/log.c:83:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf_present[25];
data/bopm-3.1.3/src/main.c:78:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char spid[16];
data/bopm-3.1.3/src/main.c:166:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   pidout = fopen(OptionsItem->pidfile, "w");
data/bopm-3.1.3/src/misc.c:46:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char buf[64];
data/bopm-3.1.3/src/scan.c:355:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char mask[MSGLENMAX];
data/bopm-3.1.3/src/scan.c:356:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char ipmask[MSGLENMAX];
data/bopm-3.1.3/src/scan.c:476:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   ss->irc_nick = (char *) DupString(user[0]);
data/bopm-3.1.3/src/scan.c:477:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   ss->irc_username = (char *) DupString(user[1]);
data/bopm-3.1.3/src/scan.c:478:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   ss->irc_hostname = (char *) DupString(user[2]);
data/bopm-3.1.3/src/scan.c:479:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   ss->ip = (char *) DupString(user[3]);
data/bopm-3.1.3/src/scan.c:905:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char message[MSGLENMAX];  /* OUTPUT */
data/bopm-3.1.3/src/scan.c:959:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        size = strlen( (char *) table[i].data);
data/bopm-3.1.3/src/scan.c:966:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           strcat(message, (char *) table[i].data);
data/bopm-3.1.3/src/scan.c:1164:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf_present[25];
data/bopm-3.1.3/src/snprintf.c:371:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (nn >= breakeven_point) memcpy((d), (s), nn); \
data/bopm-3.1.3/src/snprintf.c:581:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tmp[32];/* temporary buffer for simple numeric->string conversion */
data/bopm-3.1.3/src/snprintf.c:859:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char f[5]; int f_l = 0;
data/bopm-3.1.3/src/config-lexer.c:732:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/bopm-3.1.3/src/config-lexer.c:2005:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes(yystr,strlen(yystr) );
data/bopm-3.1.3/src/config-parser.c:1145:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/bopm-3.1.3/src/dnsbl.c:123:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(text_type, item->type, sizeof(text_type) - strlen(text_type) - 2);
data/bopm-3.1.3/src/dnsbl.c:123:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(text_type, item->type, sizeof(text_type) - strlen(text_type) - 2);
data/bopm-3.1.3/src/dnsbl.c:125:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(text_type, ", ", sizeof(text_type) - strlen(text_type) - 1);
data/bopm-3.1.3/src/dnsbl.c:125:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(text_type, ", ", sizeof(text_type) - strlen(text_type) - 1);
data/bopm-3.1.3/src/dnsbl.c:139:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(text_type, item->type, sizeof(text_type));
data/bopm-3.1.3/src/dnsbl.c:196:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (strlen(ds->ss->ip) < strlen(res->lookup))
data/bopm-3.1.3/src/dnsbl.c:196:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (strlen(ds->ss->ip) < strlen(res->lookup))
data/bopm-3.1.3/src/dnsbl.c:197:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   ? (res->lookup + strlen(ds->ss->ip) + 1)
data/bopm-3.1.3/src/dnsbl.c:243:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0)
data/bopm-3.1.3/src/dnsbl.c:243:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0)
data/bopm-3.1.3/src/dnsbl.c:243:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0)
data/bopm-3.1.3/src/firedns.c:326:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(s->lookup, name, 256);
data/bopm-3.1.3/src/firedns.c:413:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   l = strlen(tempchr2);
data/bopm-3.1.3/src/firedns.c:604:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(result.lookup, c->lookup, 256);
data/bopm-3.1.3/src/firedns.c:763:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy(new_result.lookup, p->lookup, 256);
data/bopm-3.1.3/src/inet.c:282:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         tp += strlen(tp);
data/bopm-3.1.3/src/irc.c:275:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strlen(IRCItem->vhost) > 0)
data/bopm-3.1.3/src/irc.c:350:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (send(IRC_FD, tosend, strlen(tosend), 0) == -1)
data/bopm-3.1.3/src/irc.c:436:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(IRCItem->password) > 0)
data/bopm-3.1.3/src/irc.c:499:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   while ((len = read(IRC_FD, &c, 1)) > 0)
data/bopm-3.1.3/src/irc.c:723:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   len = strlen(tmp);
data/bopm-3.1.3/src/irc.c:810:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(IRCItem->nickserv))
data/bopm-3.1.3/src/irc.c:831:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(channel->name) == 0)
data/bopm-3.1.3/src/irc.c:834:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(channel->key) > 0)
data/bopm-3.1.3/src/irc.c:937:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(nick_len < 3 && strlen(IRCItem->nick) >= 3)
data/bopm-3.1.3/src/irc.c:1123:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(strlen(channel->invite) == 0)
data/bopm-3.1.3/src/libopm/src/inet.c:279:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tp += strlen(tp);
data/bopm-3.1.3/src/libopm/src/libopm.c:1214:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      switch (read(conn->fd, &c, 1))
data/bopm-3.1.3/src/libopm/src/proxy.c:55:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(send(conn->fd, SENDBUF, strlen(SENDBUF), 0) == -1)
data/bopm-3.1.3/src/libopm/src/snprintf.c:567:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t n = !q ? strlen(p) : (q-p);
data/bopm-3.1.3/src/libopm/src/snprintf.c:709:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          else if (!precision_specified) str_arg_l = strlen(str_arg);
data/bopm-3.1.3/src/main.c:110:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3;
data/bopm-3.1.3/src/main.c:110:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3;
data/bopm-3.1.3/src/main.c:110:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3;
data/bopm-3.1.3/src/main.c:111:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3;
data/bopm-3.1.3/src/main.c:111:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3;
data/bopm-3.1.3/src/main.c:111:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3;
data/bopm-3.1.3/src/main.c:112:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3;
data/bopm-3.1.3/src/main.c:112:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3;
data/bopm-3.1.3/src/main.c:112:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3;
data/bopm-3.1.3/src/main.c:143:7:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
      umask(002);
data/bopm-3.1.3/src/main.c:171:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      fwrite(spid, sizeof(char), strlen(spid), pidout);
data/bopm-3.1.3/src/malloc.c:77:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   x = malloc(strlen(y) + 1);
data/bopm-3.1.3/src/misc.c:153:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strlen(str) <= 1)
data/bopm-3.1.3/src/misc.c:156:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   for (i = 0; i < strlen(str); i++)
data/bopm-3.1.3/src/scan.c:959:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        size = strlen( (char *) table[i].data);
data/bopm-3.1.3/src/snprintf.c:567:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t n = !q ? strlen(p) : (q-p);
data/bopm-3.1.3/src/snprintf.c:709:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          else if (!precision_specified) str_arg_l = strlen(str_arg);

ANALYSIS SUMMARY:

Hits = 177
Lines analyzed = 17402 in approximately 0.47 seconds (37267 lines/second)
Physical Source Lines of Code (SLOC) = 10428
Hits@level = [0]  47 [1]  51 [2]  84 [3]   2 [4]  38 [5]   2
Hits@level+ = [0+] 224 [1+] 177 [2+] 126 [3+]  42 [4+]  40 [5+]   2
Hits/KSLOC@level+ = [0+] 21.4806 [1+] 16.9735 [2+] 12.0829 [3+] 4.02762 [4+] 3.83583 [5+] 0.191791
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.