Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cacti-spine-1.2.12/poller.h
Examining data/cacti-spine-1.2.12/spine.h
Examining data/cacti-spine-1.2.12/util.c
Examining data/cacti-spine-1.2.12/sql.c
Examining data/cacti-spine-1.2.12/poller.c
Examining data/cacti-spine-1.2.12/locks.h
Examining data/cacti-spine-1.2.12/snmp.h
Examining data/cacti-spine-1.2.12/snmp.c
Examining data/cacti-spine-1.2.12/nft_popen.c
Examining data/cacti-spine-1.2.12/locks.c
Examining data/cacti-spine-1.2.12/ping.h
Examining data/cacti-spine-1.2.12/php.h
Examining data/cacti-spine-1.2.12/ping.c
Examining data/cacti-spine-1.2.12/keywords.c
Examining data/cacti-spine-1.2.12/nft_popen.h
Examining data/cacti-spine-1.2.12/spine.c
Examining data/cacti-spine-1.2.12/sql.h
Examining data/cacti-spine-1.2.12/keywords.h
Examining data/cacti-spine-1.2.12/error.c
Examining data/cacti-spine-1.2.12/error.h
Examining data/cacti-spine-1.2.12/php.c
Examining data/cacti-spine-1.2.12/common.h
Examining data/cacti-spine-1.2.12/util.h
FINAL RESULTS:
data/cacti-spine-1.2.12/util.c:1149:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(flogmessage, logprefix, sizeof(flogmessage) - 1);
data/cacti-spine-1.2.12/locks.c:54:19: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
DEFINE_SPINE_LOCK(syslog)
data/cacti-spine-1.2.12/php.c:384:5: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/cacti-spine-1.2.12/ping.c:1017:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cleaned_hostname, hostname);
data/cacti-spine-1.2.12/poller.c:1698:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tbuffer, SMALL_BUFSIZE, *buf_errors > 0 ? ", %i" : "%i", local_data_id);
data/cacti-spine-1.2.12/poller.c:1756:61: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void get_system_information(host_t *host, MYSQL *mysql, int system) {
data/cacti-spine-1.2.12/poller.c:1761:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (set.mibs || system) {
data/cacti-spine-1.2.12/poller.c:1923:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen((char *)proc_command, "r");
data/cacti-spine-1.2.12/poller.h:37:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extern void get_system_information(host_t *host, MYSQL *mysql, int system);
data/cacti-spine-1.2.12/spine.c:600:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
qp += sprintf(qp, " AND id IN(%s)", set.host_id_list);
data/cacti-spine-1.2.12/sql.c:355:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
return sprintf(obuf, " AND %s BETWEEN %d AND %d",
data/cacti-spine-1.2.12/util.c:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qstring, "SELECT value FROM settings WHERE name = '%s'", setting);
data/cacti-spine-1.2.12/util.c:154:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qstring, "SELECT %s FROM poller WHERE id = '%d'", setting, set.poller_id);
data/cacti-spine-1.2.12/util.c:248:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qstring, "SHOW GLOBAL VARIABLES LIKE '%s'", setting);
data/cacti-spine-1.2.12/util.c:623:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, " AND host_id IN(%s)", set.host_id_list);
data/cacti-spine-1.2.12/util.c:737:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", prefix);
data/cacti-spine-1.2.12/util.c:743:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[0]); // id
data/cacti-spine-1.2.12/util.c:746:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:748:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:750:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:752:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:754:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:756:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:758:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:760:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[8]); // status_event_count
data/cacti-spine-1.2.12/util.c:763:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:765:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:767:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:769:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[12]); // min_time
data/cacti-spine-1.2.12/util.c:770:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[13]); // max_time
data/cacti-spine-1.2.12/util.c:771:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[14]); // cur_time
data/cacti-spine-1.2.12/util.c:772:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[15]); // avg_time
data/cacti-spine-1.2.12/util.c:773:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[16]); // polling_time
data/cacti-spine-1.2.12/util.c:774:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[17]); // total_polls
data/cacti-spine-1.2.12/util.c:775:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[18]); // failed_polls
data/cacti-spine-1.2.12/util.c:776:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[19]); // availability
data/cacti-spine-1.2.12/util.c:779:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s'", tmpstr);
data/cacti-spine-1.2.12/util.c:785:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", suffix);
data/cacti-spine-1.2.12/util.c:794:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", suffix);
data/cacti-spine-1.2.12/util.c:821:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", prefix);
data/cacti-spine-1.2.12/util.c:827:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[0]); // local_data_id
data/cacti-spine-1.2.12/util.c:828:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[1]); // host_id
data/cacti-spine-1.2.12/util.c:831:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "'%s', ", tmpstr);
data/cacti-spine-1.2.12/util.c:833:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s, ", row[3]); // rrd_step
data/cacti-spine-1.2.12/util.c:834:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", row[4]); // rrd_next_step
data/cacti-spine-1.2.12/util.c:840:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", suffix);
data/cacti-spine-1.2.12/util.c:849:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sqlp += sprintf(sqlp, "%s", suffix);
data/cacti-spine-1.2.12/util.c:981:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(logmessage, format, args);
data/cacti-spine-1.2.12/util.c:987:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logmessage,perr);
data/cacti-spine-1.2.12/util.c:1096:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(ulogmessage, LOGSIZE - 1, format, args);
data/cacti-spine-1.2.12/util.h:41:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/cacti-spine-1.2.12/util.h:45:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/cacti-spine-1.2.12/keywords.c:128:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(word);
data/cacti-spine-1.2.12/nft_popen.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/cacti-spine-1.2.12/nft_popen.c:151:16: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
switch (pid = vfork()) {
data/cacti-spine-1.2.12/php.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[BUFSIZE];
data/cacti-spine-1.2.12/php.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poller_id[TINY_BUFSIZE];
data/cacti-spine-1.2.12/php.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[6];
data/cacti-spine-1.2.12/php.c:330:9: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
pid = vfork();
data/cacti-spine-1.2.12/ping.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char socket_reply[BUFSIZE];
data/cacti-spine-1.2.12/ping.c:364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet+ICMP_HDR_SIZE, cacti_msg, strlen(cacti_msg));
data/cacti-spine-1.2.12/ping.c:574:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char socket_reply[BUFSIZE];
data/cacti-spine-1.2.12/ping.c:576:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request[BUFSIZE];
data/cacti-spine-1.2.12/ping.c:858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrstr[255];
data/cacti-spine-1.2.12/ping.c:1010:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cleaned_hostname, hostname+4, strlen(hostname)-4);
data/cacti-spine-1.2.12/ping.c:1014:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cleaned_hostname, hostname+5, strlen(hostname)-5);
data/cacti-spine-1.2.12/ping.c:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_date[40];
data/cacti-spine-1.2.12/poller.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_time[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query1[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query2[BIG_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query4[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query5[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query6[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query8[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query9[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query10[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query11[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posuffix[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysUptime[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result_string[RESULTS_BUFFER+SMALL_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/poller.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_sql[BIG_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_poll_result[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_arg1[BUFSIZE];
data/cacti-spine-1.2.12/poller.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limits[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_community[50];
data/cacti-spine-1.2.12/poller.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_username[50];
data/cacti-spine-1.2.12/poller.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_password[50];
data/cacti-spine-1.2.12/poller.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_auth_protocol[5];
data/cacti-spine-1.2.12/poller.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_priv_passphrase[200];
data/cacti-spine-1.2.12/poller.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_priv_protocol[7];
data/cacti-spine-1.2.12/poller.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_context[65];
data/cacti-spine-1.2.12/poller.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_snmp_engine_id[30];
data/cacti-spine-1.2.12/poller.c:479:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[0] != NULL) host->id = atoi(row[0]);
data/cacti-spine-1.2.12/poller.c:484:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[3] != NULL) host->snmp_version = atoi(row[3]);
data/cacti-spine-1.2.12/poller.c:494:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[11] != NULL) host->snmp_port = atoi(row[11]);
data/cacti-spine-1.2.12/poller.c:495:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[12] != NULL) host->snmp_timeout = atoi(row[12]);
data/cacti-spine-1.2.12/poller.c:496:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[13] != NULL) host->max_oids = atoi(row[13]);
data/cacti-spine-1.2.12/poller.c:498:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[14] != NULL) host->availability_method = atoi(row[14]);
data/cacti-spine-1.2.12/poller.c:499:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[15] != NULL) host->ping_method = atoi(row[15]);
data/cacti-spine-1.2.12/poller.c:500:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[16] != NULL) host->ping_port = atoi(row[16]);
data/cacti-spine-1.2.12/poller.c:501:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[17] != NULL) host->ping_timeout = atoi(row[17]);
data/cacti-spine-1.2.12/poller.c:502:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[18] != NULL) host->ping_retries = atoi(row[18]);
data/cacti-spine-1.2.12/poller.c:504:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[19] != NULL) host->status = atoi(row[19]);
data/cacti-spine-1.2.12/poller.c:505:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[20] != NULL) host->status_event_count = atoi(row[20]);
data/cacti-spine-1.2.12/poller.c:516:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[28] != NULL) host->total_polls = atoi(row[28]);
data/cacti-spine-1.2.12/poller.c:517:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[29] != NULL) host->failed_polls = atoi(row[29]);
data/cacti-spine-1.2.12/poller.c:520:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[31] != NULL) host->snmp_sysUpTimeInstance=atoi(row[31]);
data/cacti-spine-1.2.12/poller.c:708:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[0] != NULL) reindex->data_query_id = atoi(row[0]);
data/cacti-spine-1.2.12/poller.c:709:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[1] != NULL) reindex->action = atoi(row[1]);
data/cacti-spine-1.2.12/poller.c:819:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(poll_result, "%d", char_count(php_cmd(reindex->arg1, php_process), '\n'));
data/cacti-spine-1.2.12/poller.c:1033:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[0] != NULL) poller_items[i].action = atoi(row[0]);
data/cacti-spine-1.2.12/poller.c:1038:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[3] != NULL) poller_items[i].snmp_version = atoi(row[3]);
data/cacti-spine-1.2.12/poller.c:1049:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[11] != NULL) poller_items[i].local_data_id = atoi(row[11]);
data/cacti-spine-1.2.12/poller.c:1051:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[12] != NULL) poller_items[i].rrd_num = atoi(row[12]);
data/cacti-spine-1.2.12/poller.c:1052:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[13] != NULL) poller_items[i].snmp_port = atoi(row[13]);
data/cacti-spine-1.2.12/poller.c:1053:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (row[14] != NULL) poller_items[i].snmp_timeout = atoi(row[14]);
data/cacti-spine-1.2.12/poller.c:1693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuffer[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/poller.c:1791:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
host->snmp_sysUpTimeInstance = atoi(poll_result);
data/cacti-spine-1.2.12/poller.c:1833:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
host->snmp_sysUpTimeInstance = atoi(poll_result);
data/cacti-spine-1.2.12/snmp.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnameport[BUFSIZE];
data/cacti-spine-1.2.12/snmp.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/snmp.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/snmp.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/spine.c:109:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_paths[CONFIG_PATHS][BUFSIZE];
data/cacti-spine-1.2.12/spine.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char querybuf[MEGA_BUFSIZE], *qp = querybuf;
data/cacti-spine-1.2.12/spine.c:327:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.start_host_id = atoi(opt = getarg(opt, &argv));
data/cacti-spine-1.2.12/spine.c:339:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.end_host_id = atoi(opt = getarg(opt, &argv));
data/cacti-spine-1.2.12/spine.c:347:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.poller_id = atoi(getarg(opt, &argv));
data/cacti-spine-1.2.12/spine.c:420:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.start_host_id = atoi(arg);
data/cacti-spine-1.2.12/spine.c:424:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.end_host_id = atoi(arg);
data/cacti-spine-1.2.12/spine.c:502:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_devices[i] = atoi(token);
data/cacti-spine-1.2.12/spine.c:592:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
qp += sprintf(qp, "SELECT id, device_threads FROM host");
data/cacti-spine-1.2.12/spine.c:594:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
qp += sprintf(qp, "SELECT id, '1' as device_threads FROM host");
data/cacti-spine-1.2.12/spine.c:596:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
qp += sprintf(qp, " WHERE disabled=''");
data/cacti-spine-1.2.12/spine.c:603:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
qp += sprintf(qp, " AND host.poller_id=%i", set.poller_id);
data/cacti-spine-1.2.12/spine.c:605:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
qp += sprintf(qp, " ORDER BY polling_time DESC");
data/cacti-spine-1.2.12/spine.c:679:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
host_id = atoi(mysql_row[0]);
data/cacti-spine-1.2.12/spine.c:680:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
device_threads = atoi(mysql_row[1]);
data/cacti-spine-1.2.12/spine.c:695:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total_items = atoi(mysql_row[0]);
data/cacti-spine-1.2.12/spine.c:711:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
itemsPT = atoi(mysql_row[0]);
data/cacti-spine-1.2.12/spine.h:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_id_list[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_host[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_db[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_user[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_pass[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_ssl_key[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_ssl_cert[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_ssl_ca[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_logfile[BUFSIZE];
data/cacti-spine-1.2.12/spine.h:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_php[BUFSIZE];
data/cacti-spine-1.2.12/spine.h:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_php_server[BUFSIZE];
data/cacti-spine-1.2.12/spine.h:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selective_device_debug[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_clientaddr[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_host[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_db[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_user[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_pass[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_ssl_key[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_ssl_cert[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb_ssl_ca[BIG_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/spine.h:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/cacti-spine-1.2.12/spine.h:427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[250];
data/cacti-spine-1.2.12/spine.h:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_community[100];
data/cacti-spine-1.2.12/spine.h:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_username[50];
data/cacti-spine-1.2.12/spine.h:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_password[50];
data/cacti-spine-1.2.12/spine.h:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_auth_protocol[5];
data/cacti-spine-1.2.12/spine.h:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_priv_passphrase[200];
data/cacti-spine-1.2.12/spine.h:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_priv_protocol[7];
data/cacti-spine-1.2.12/spine.h:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_context[65];
data/cacti-spine-1.2.12/spine.h:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_engine_id[30];
data/cacti-spine-1.2.12/spine.h:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rrd_name[30];
data/cacti-spine-1.2.12/spine.h:445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rrd_path[255];
data/cacti-spine-1.2.12/spine.h:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg1[512];
data/cacti-spine-1.2.12/spine.h:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg2[255];
data/cacti-spine-1.2.12/spine.h:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg3[255];
data/cacti-spine-1.2.12/spine.h:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oid[512];
data/cacti-spine-1.2.12/spine.h:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[RESULTS_BUFFER];
data/cacti-spine-1.2.12/spine.h:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[250];
data/cacti-spine-1.2.12/spine.h:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_community[100];
data/cacti-spine-1.2.12/spine.h:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_username[50];
data/cacti-spine-1.2.12/spine.h:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_password[50];
data/cacti-spine-1.2.12/spine.h:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_auth_protocol[5];
data/cacti-spine-1.2.12/spine.h:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_priv_passphrase[200];
data/cacti-spine-1.2.12/spine.h:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_priv_protocol[7];
data/cacti-spine-1.2.12/spine.h:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_context[65];
data/cacti-spine-1.2.12/spine.h:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_engine_id[30];
data/cacti-spine-1.2.12/spine.h:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_sysDescr[600];
data/cacti-spine-1.2.12/spine.h:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_sysObjectID[160];
data/cacti-spine-1.2.12/spine.h:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_sysContact[300];
data/cacti-spine-1.2.12/spine.h:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_sysName[300];
data/cacti-spine-1.2.12/spine.h:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_sysLocation[600];
data/cacti-spine-1.2.12/spine.h:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_fail_date[40];
data/cacti-spine-1.2.12/spine.h:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_rec_date[40];
data/cacti-spine-1.2.12/spine.h:529:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_last_error[BUFSIZE];
data/cacti-spine-1.2.12/spine.h:548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op[4];
data/cacti-spine-1.2.12/spine.h:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char assert_value[100];
data/cacti-spine-1.2.12/spine.h:550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg1[512];
data/cacti-spine-1.2.12/spine.h:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ping_status[50];
data/cacti-spine-1.2.12/spine.h:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ping_response[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_status[50];
data/cacti-spine-1.2.12/spine.h:565:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_response[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/spine.h:583:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char start_datetime[20];
data/cacti-spine-1.2.12/spine.h:584:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char config_paths[CONFIG_PATHS][BUFSIZE];
data/cacti-spine-1.2.12/sql.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query_frag[LRG_BUFSIZE];
data/cacti-spine-1.2.12/sql.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query_frag[LRG_BUFSIZE];
data/cacti-spine-1.2.12/sql.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_trimmed[BUFSIZE];
data/cacti-spine-1.2.12/util.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qstring[256];
data/cacti-spine-1.2.12/util.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qstring[256];
data/cacti-spine-1.2.12/util.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qstring[256];
data/cacti-spine-1.2.12/util.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char web_root[BUFSIZE];
data/cacti-spine-1.2.12/util.c:305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqlbuf[SMALL_BUFSIZE], *sqlp = sqlbuf;
data/cacti-spine-1.2.12/util.c:320:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.dbversion = atoi(res);
data/cacti-spine-1.2.12/util.c:326:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int n = atoi(res);
data/cacti-spine-1.2.12/util.c:356:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.log_datetime_separator = atoi(res);
data/cacti-spine-1.2.12/util.c:366:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.log_datetime_separator = atoi(res);
data/cacti-spine-1.2.12/util.c:405:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.availability_method = atoi(res);
data/cacti-spine-1.2.12/util.c:414:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.ping_recovery_count = atoi(res);
data/cacti-spine-1.2.12/util.c:423:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.ping_failure_count = atoi(res);
data/cacti-spine-1.2.12/util.c:432:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.ping_method = atoi(res);
data/cacti-spine-1.2.12/util.c:441:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.ping_retries = atoi(res);
data/cacti-spine-1.2.12/util.c:450:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.ping_timeout = atoi(res);
data/cacti-spine-1.2.12/util.c:461:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.snmp_retries = atoi(res);
data/cacti-spine-1.2.12/util.c:502:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.threads = atoi(res);
data/cacti-spine-1.2.12/util.c:514:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.poller_interval = atoi(res);
data/cacti-spine-1.2.12/util.c:529:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.num_parent_processes = atoi(res);
data/cacti-spine-1.2.12/util.c:540:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.script_timeout = atoi(res);
data/cacti-spine-1.2.12/util.c:563:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.spine_log_level = atoi(res);
data/cacti-spine-1.2.12/util.c:572:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.php_servers = atoi(res);
data/cacti-spine-1.2.12/util.c:601:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, "SELECT action FROM poller_item");
data/cacti-spine-1.2.12/util.c:602:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " WHERE action=%d", POLLER_ACTION_PHP_SCRIPT_SERVER);
data/cacti-spine-1.2.12/util.c:605:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " AND poller_id=%i", set.poller_id);
data/cacti-spine-1.2.12/util.c:607:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " LIMIT 1");
data/cacti-spine-1.2.12/util.c:621:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, "SELECT action FROM poller_item");
data/cacti-spine-1.2.12/util.c:622:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " WHERE action=%d", POLLER_ACTION_PHP_SCRIPT_SERVER);
data/cacti-spine-1.2.12/util.c:625:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " AND poller_id=%i", set.poller_id);
data/cacti-spine-1.2.12/util.c:627:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " LIMIT 1");
data/cacti-spine-1.2.12/util.c:647:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set.snmp_max_get_size = atoi(res);
data/cacti-spine-1.2.12/util.c:674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqlbuf[MEGA_BUFSIZE];
data/cacti-spine-1.2.12/util.c:676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[BUFSIZE];
data/cacti-spine-1.2.12/util.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[BUFSIZE];
data/cacti-spine-1.2.12/util.c:678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[BUFSIZE];
data/cacti-spine-1.2.12/util.c:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[SMALL_BUFSIZE];
data/cacti-spine-1.2.12/util.c:738:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " (");
data/cacti-spine-1.2.12/util.c:740:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, ", (");
data/cacti-spine-1.2.12/util.c:822:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, " (");
data/cacti-spine-1.2.12/util.c:824:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sqlp += sprintf(sqlp, ", (");
data/cacti-spine-1.2.12/util.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[BUFSIZE];
data/cacti-spine-1.2.12/util.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p1[BUFSIZE];
data/cacti-spine-1.2.12/util.c:873:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p2[BUFSIZE];
data/cacti-spine-1.2.12/util.c:875:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file, "rb")) == NULL) {
data/cacti-spine-1.2.12/util.c:896:67: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (STRIMATCH(p1, "RDB_Port")) set.rdb_port = atoi(p2);
data/cacti-spine-1.2.12/util.c:897:67: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (STRIMATCH(p1, "RDB_UseSSL")) set.rdb_ssl = atoi(p2);
data/cacti-spine-1.2.12/util.c:905:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (STRIMATCH(p1, "DB_Port")) set.db_port = atoi(p2);
data/cacti-spine-1.2.12/util.c:906:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (STRIMATCH(p1, "DB_UseSSL")) set.db_ssl = atoi(p2);
data/cacti-spine-1.2.12/util.c:910:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (STRIMATCH(p1, "Poller")) set.poller_id = atoi(p2);
data/cacti-spine-1.2.12/util.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmessage[BUFSIZE];
data/cacti-spine-1.2.12/util.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flogmessage[BUFSIZE];
data/cacti-spine-1.2.12/util.c:985:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perr[BUFSIZE];
data/cacti-spine-1.2.12/util.c:1091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logprefix[SMALL_BUFSIZE]; /* Formatted Log Prefix */
data/cacti-spine-1.2.12/util.c:1092:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ulogmessage[LOGSIZE]; /* Un-Formatted Log Message */
data/cacti-spine-1.2.12/util.c:1093:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flogmessage[LOGSIZE]; /* Formatted Log Message */
data/cacti-spine-1.2.12/util.c:1182:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file = fopen(set.path_logfile, "w");
data/cacti-spine-1.2.12/util.c:1184:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file = fopen(set.path_logfile, "a");
data/cacti-spine-1.2.12/nft_popen.c:159:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/nft_popen.c:170:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/php.c:77:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = write(php_processes[php_process].php_write_fd, command, strlen(command));
data/cacti-spine-1.2.12/php.c:96:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(result_string)) {
data/cacti-spine-1.2.12/php.c:192:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2000);
data/cacti-spine-1.2.12/php.c:238:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(php_processes[php_process].php_read_fd, bptr, RESULTS_BUFFER-(bptr-result_string));
data/cacti-spine-1.2.12/php.c:341:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/php.c:352:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/php.c:492:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = write(phpp->php_write_fd, quit, strlen(quit));
data/cacti-spine-1.2.12/php.c:499:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000); /* 50 msec */
data/cacti-spine-1.2.12/ping.c:99:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) == 0) && (host->snmp_version < 3)) {
data/cacti-spine-1.2.12/ping.c:113:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) == 0) && (host->snmp_version < 3)) {
data/cacti-spine-1.2.12/ping.c:175:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) != 0) || (host->snmp_version == 3)) {
data/cacti-spine-1.2.12/ping.c:303:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/cacti-spine-1.2.12/ping.c:341:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
packet_len = ICMP_HDR_SIZE + strlen(cacti_msg);
data/cacti-spine-1.2.12/ping.c:364:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(packet+ICMP_HDR_SIZE, cacti_msg, strlen(cacti_msg));
data/cacti-spine-1.2.12/ping.c:368:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->hostname) != 0) && (icmp_socket != -1)) {
data/cacti-spine-1.2.12/ping.c:500:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/cacti-spine-1.2.12/ping.c:603:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->hostname) != 0) && (udp_socket != -1)) {
data/cacti-spine-1.2.12/ping.c:620:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
request_len = strlen(request);
data/cacti-spine-1.2.12/ping.c:672:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return_code = read(udp_socket, socket_reply, BUFSIZE);
data/cacti-spine-1.2.12/ping.c:690:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/cacti-spine-1.2.12/ping.c:711:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/cacti-spine-1.2.12/ping.c:776:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->hostname) != 0) && (tcp_socket != -1)) {
data/cacti-spine-1.2.12/ping.c:941:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/ping.c:1004:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(cleaned_hostname = (char *) malloc(strlen(hostname)+1))) {
data/cacti-spine-1.2.12/ping.c:1010:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cleaned_hostname, hostname+4, strlen(hostname)-4);
data/cacti-spine-1.2.12/ping.c:1011:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleaned_hostname[strlen(hostname)-4] = '\0';
data/cacti-spine-1.2.12/ping.c:1014:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cleaned_hostname, hostname+5, strlen(hostname)-5);
data/cacti-spine-1.2.12/ping.c:1015:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleaned_hostname[strlen(hostname)-5] = '\0';
data/cacti-spine-1.2.12/ping.c:1097:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) == 0) && (host->snmp_version < 3)) {
data/cacti-spine-1.2.12/ping.c:1104:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) == 0) && (host->snmp_version < 3)) {
data/cacti-spine-1.2.12/ping.c:1157:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(host->snmp_community) == 0) {
data/cacti-spine-1.2.12/ping.c:1164:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(host->snmp_community) == 0) {
data/cacti-spine-1.2.12/ping.c:1248:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(host->snmp_community) == 0) && (host->snmp_version < 3)) {
data/cacti-spine-1.2.12/poller.c:537:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(host->snmp_community) > 0)) ||
data/cacti-spine-1.2.12/poller.c:560:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(host->snmp_community) == 0) &&
data/cacti-spine-1.2.12/poller.c:742:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(sysUptime) > 0)) {
data/cacti-spine-1.2.12/poller.c:1520:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query3, query8, strlen(query8));
data/cacti-spine-1.2.12/poller.c:1520:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query3, query8, strlen(query8));
data/cacti-spine-1.2.12/poller.c:1522:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_buffer = strlen(query3);
data/cacti-spine-1.2.12/poller.c:1530:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query12, query11, strlen(query11));
data/cacti-spine-1.2.12/poller.c:1530:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query12, query11, strlen(query11));
data/cacti-spine-1.2.12/poller.c:1550:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_length = strlen(result_string);
data/cacti-spine-1.2.12/poller.c:1555:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query3, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1555:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query3, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1562:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query3, query8, strlen(query8));
data/cacti-spine-1.2.12/poller.c:1562:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query3, query8, strlen(query8));
data/cacti-spine-1.2.12/poller.c:1567:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query12, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1567:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query12, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1572:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query12, query11, strlen(query11));
data/cacti-spine-1.2.12/poller.c:1572:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query12, query11, strlen(query11));
data/cacti-spine-1.2.12/poller.c:1576:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_buffer = strlen(query3);
data/cacti-spine-1.2.12/poller.c:1589:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query3, result_string, strlen(result_string));
data/cacti-spine-1.2.12/poller.c:1589:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query3, result_string, strlen(result_string));
data/cacti-spine-1.2.12/poller.c:1592:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query12, result_string, strlen(result_string));
data/cacti-spine-1.2.12/poller.c:1592:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query12, result_string, strlen(result_string));
data/cacti-spine-1.2.12/poller.c:1595:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_buffer = out_buffer + strlen(result_string);
data/cacti-spine-1.2.12/poller.c:1601:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (out_buffer > strlen(query8)) {
data/cacti-spine-1.2.12/poller.c:1603:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query3, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1603:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query3, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1611:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(query12, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1611:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(query12, posuffix, strlen(posuffix));
data/cacti-spine-1.2.12/poller.c:1699:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
error_len = strlen(tbuffer);
data/cacti-spine-1.2.12/poller.c:1734:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(result);
data/cacti-spine-1.2.12/poller.c:1958:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2000);
data/cacti-spine-1.2.12/poller.c:2003:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(cmd_fd, result_string, RESULTS_BUFFER-1);
data/cacti-spine-1.2.12/snmp.c:130:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(set.snmp_clientaddr);
data/cacti-spine-1.2.12/snmp.c:196:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.community_len = strlen(snmp_community);
data/cacti-spine-1.2.12/snmp.c:200:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.securityNameLen = strlen(session.securityName);
data/cacti-spine-1.2.12/snmp.c:202:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (snmp_context && strlen(snmp_context)) {
data/cacti-spine-1.2.12/snmp.c:204:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.contextNameLen = strlen(session.contextName);
data/cacti-spine-1.2.12/snmp.c:207:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (snmp_engine_id && strlen(snmp_engine_id)) {
data/cacti-spine-1.2.12/snmp.c:209:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.contextEngineIDLen = strlen(snmp_engine_id);
data/cacti-spine-1.2.12/snmp.c:225:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(snmp_password)) {
data/cacti-spine-1.2.12/snmp.c:230:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(snmp_password),
data/cacti-spine-1.2.12/snmp.c:238:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(snmp_priv_protocol, "[None]") == 0 || (strlen(snmp_priv_passphrase) == 0)) {
data/cacti-spine-1.2.12/snmp.c:244:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(snmp_password)) {
data/cacti-spine-1.2.12/snmp.c:276:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(snmp_priv_passphrase),
data/cacti-spine-1.2.12/snmp.c:469:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprint_asciistring(result_string, RESULTS_BUFFER, temp_result, strlen(temp_result));
data/cacti-spine-1.2.12/spine.c:450:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!strlen(set.host_id_list))) {
data/cacti-spine-1.2.12/spine.c:497:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(set.selective_device_debug)) {
data/cacti-spine-1.2.12/spine.c:597:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(set.host_id_list)) {
data/cacti-spine-1.2.12/spine.c:752:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/cacti-spine-1.2.12/spine.c:826:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/cacti-spine-1.2.12/sql.c:67:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:80:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:131:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:137:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:149:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:271:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ssl_key)) MYSQL_SET_OPTION(MYSQL_OPT_SSL_KEY, ssl_key, "ssl key");
data/cacti-spine-1.2.12/sql.c:272:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ssl_ca)) MYSQL_SET_OPTION(MYSQL_OPT_SSL_CA, ssl_ca, "ssl ca");
data/cacti-spine-1.2.12/sql.c:273:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ssl_cert)) MYSQL_SET_OPTION(MYSQL_OPT_SSL_CERT, ssl_cert, "ssl cert");
data/cacti-spine-1.2.12/sql.c:295:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/cacti-spine-1.2.12/sql.c:307:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2000);
data/cacti-spine-1.2.12/sql.c:382:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_size = strlen(input);
data/cacti-spine-1.2.12/sql.c:385:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(input_trimmed, input, max_size - 10);
data/cacti-spine-1.2.12/sql.c:388:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(input_trimmed, input, input_size);
data/cacti-spine-1.2.12/sql.c:392:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mysql_real_escape_string(mysql, output, input_trimmed, strlen(input_trimmed));
data/cacti-spine-1.2.12/util.c:340:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(res) != 0) {
data/cacti-spine-1.2.12/util.c:343:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(web_root) != 0) {
data/cacti-spine-1.2.12/util.c:599:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(set.host_id_list)) {
data/cacti-spine-1.2.12/util.c:781:14: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sqlp += sprintf(sqlp, ")");
data/cacti-spine-1.2.12/util.c:836:14: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sqlp += sprintf(sqlp, ")");
data/cacti-spine-1.2.12/util.c:890:5: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(buff, "%15s %255s", p1, p2);
data/cacti-spine-1.2.12/util.c:929:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(set.db_pass) == 0) *set.db_pass = '\0';
data/cacti-spine-1.2.12/util.c:1117:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(log_fmt) == 0) {
data/cacti-spine-1.2.12/util.c:1150:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flogmessage, ulogmessage, sizeof(flogmessage) - 50);
data/cacti-spine-1.2.12/util.c:1174:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(flogmessage, "\n", 1);
data/cacti-spine-1.2.12/util.c:1179:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(set.path_logfile) != 0))) {
data/cacti-spine-1.2.12/util.c:1302:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(trim(string));
data/cacti-spine-1.2.12/util.c:1388:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(string);
data/cacti-spine-1.2.12/util.c:1420:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/cacti-spine-1.2.12/util.c:1469:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/cacti-spine-1.2.12/util.c:1474:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, len);
data/cacti-spine-1.2.12/util.c:1477:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, --obuf);
data/cacti-spine-1.2.12/util.c:1551:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = str + strlen(str);
data/cacti-spine-1.2.12/util.c:1588:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int end = strlen(str)-1;
ANALYSIS SUMMARY:
Hits = 384
Lines analyzed = 10067 in approximately 0.36 seconds (28146 lines/second)
Physical Source Lines of Code (SLOC) = 6371
Hits@level = [0] 199 [1] 118 [2] 214 [3] 0 [4] 51 [5] 1
Hits@level+ = [0+] 583 [1+] 384 [2+] 266 [3+] 52 [4+] 52 [5+] 1
Hits/KSLOC@level+ = [0+] 91.5084 [1+] 60.2731 [2+] 41.7517 [3+] 8.16198 [4+] 8.16198 [5+] 0.156961
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.