Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:82:13: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    to_write = vsnprintf(&buf, sizeof(buf), format, ap_copy);

data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:105:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    written = vsnprintf(p, allocated, format, ap_copy);

data/corosync-qdevice-3.0.1/qdevices/log.c:117:4: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, ap_copy);

data/corosync-qdevice-3.0.1/qdevices/process-list.c:290:4: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execv(entry->exec_argv[0], entry->exec_argv);

data/corosync-qdevice-3.0.1/qdevices/process-list.c:292:4: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execvp(entry->exec_argv[0], entry->exec_argv);

data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:133:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    res = sscanf(key_name, "nodelist.node.%u.%s", &node_pos, tmp_key);

data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-cmd.c:57:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (sscanf(str, QDEVICE_HEURISTICS_CMD_STR_EXEC_RESULT_ADD_SPACE "%"PRIu32" %u", &seq_number,

data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-worker-cmd.c:143:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (sscanf(str, QDEVICE_HEURISTICS_CMD_STR_EXEC_ADD_SPACE "%"PRIu32" %"PRIu32, &timeout,

data/corosync-qdevice-3.0.1/qdevices/qdevice-instance.c:198:10: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    res = sscanf(key_name, "quorum.device.heuristics.exec_%[^.]%s", exec_name, tmp_key);

data/corosync-qdevice-3.0.1/qdevices/qnetd-client-net.c:299:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    if (snprintf(client_addr_str + strlen(client_addr_str),

data/corosync-qdevice-3.0.1/qdevices/test-log.c:72:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    res = vsnprintf(vsyslog_buf, MAX_LINE_LEN, format, ap_copy);

data/corosync-qdevice-3.0.1/qdevices/corosync-qdevice-tool.c:88:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt(argc, argv, "Hhsvp:")) != -1) {

data/corosync-qdevice-3.0.1/qdevices/corosync-qdevice.c:205:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt(argc, argv, "dfhS:")) != -1) {

data/corosync-qdevice-3.0.1/qdevices/corosync-qnetd-tool.c:90:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt(argc, argv, "Hhlsvc:p:")) != -1) {

data/corosync-qdevice-3.0.1/qdevices/corosync-qnetd.c:269:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt(argc, argv, "46dfhvc:l:m:p:S:s:")) != -1) {

data/corosync-qdevice-3.0.1/qdevices/qdevice-model-net.c:370:28: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    delay_before_reconnect = random() %

data/corosync-qdevice-3.0.1/qdevices/msg.c:122:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dynar_data(msg) + MSG_TYPE_LENGTH, &nlen, sizeof(nlen));

data/corosync-qdevice-3.0.1/qdevices/msg.c:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dynar_data(msg), &ntype, sizeof(ntype));

data/corosync-qdevice-3.0.1/qdevices/msg.c:1009:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&decoded_msg->ring_id, &ring_id, sizeof(ring_id));

data/corosync-qdevice-3.0.1/qdevices/msg.c:1070:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&decoded_msg->tie_breaker, &tie_breaker, sizeof(tie_breaker));

data/corosync-qdevice-3.0.1/qdevices/msgio.c:98:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char local_read_buffer[MSGIO_LOCAL_BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/process-list.c:261:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    devnull = open("/dev/null", O_RDWR);

data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:78:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&i, &(((struct sockaddr_in *)((void *)ainfo->ai_addr))->sin_addr), sizeof(struct in_addr));

data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char key_name[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:96:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ring0_addr_key[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:97:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_key[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-io.c:79:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[QDEVICE_HEURISTICS_IO_BUFFER_SIZE];

data/corosync-qdevice-3.0.1/qdevices/qdevice-instance.c:80:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char key_name[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-instance.c:86:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char exec_name[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-instance.c:87:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_key[CMAP_KEYNAME_MAXLEN + 1];

data/corosync-qdevice-3.0.1/qdevices/qdevice-net-instance.c:78:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&instance->tie_breaker, tie_breaker, sizeof(*tie_breaker));

data/corosync-qdevice-3.0.1/qdevices/qdevice-votequorum.c:82:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(instance->vq_quorum_node_list, node_list, sizeof(*node_list) * node_list_entries);

data/corosync-qdevice-3.0.1/qdevices/qdevice-votequorum.c:129:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&instance->vq_poll_ring_id, &votequorum_ring_id, sizeof(votequorum_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qdevice-votequorum.c:160:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&instance->vq_node_list_ring_id, &votequorum_ring_id, sizeof(votequorum_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qdevice-votequorum.c:168:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(instance->vq_node_list, node_list, sizeof(*node_list) * node_list_entries);

data/corosync-qdevice-3.0.1/qdevices/qnetd-algo-lms.c:234:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&tb_node_ring_id, &other_client->last_ring_id, sizeof(struct tlv_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-algo-lms.c:243:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&tb_node_ring_id, &other_client->last_ring_id, sizeof(struct tlv_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-algo-lms.c:250:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&tb_node_ring_id, &other_client->last_ring_id, sizeof(struct tlv_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-algo-utils.c:129:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&partition->ring_id, &other_client->last_ring_id, sizeof(*ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-client-msg-received.c:171:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(client->cluster_name, msg->cluster_name, msg->cluster_name_len);

data/corosync-qdevice-3.0.1/qdevices/qnetd-client-msg-received.c:355:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&client->last_ring_id, &msg->ring_id, sizeof(struct tlv_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-client-msg-received.c:385:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&client->tie_breaker, &msg->tie_breaker, sizeof(msg->tie_breaker));

data/corosync-qdevice-3.0.1/qdevices/qnetd-client-msg-received.c:832:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&client->last_ring_id, &msg->ring_id, sizeof(struct tlv_ring_id));

data/corosync-qdevice-3.0.1/qdevices/qnetd-client.c:52:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&client->addr, addr, sizeof(*addr));

data/corosync-qdevice-3.0.1/qdevices/qnetd-cluster.c:52:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cluster->cluster_name, cluster_name, cluster_name_len);

data/corosync-qdevice-3.0.1/qdevices/test-log.c:46:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char vsyslog_buf[MAX_LINE_LEN];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:139:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:203:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:219:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:276:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:354:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUF_SIZE];

data/corosync-qdevice-3.0.1/qdevices/test-process-list.c:207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ignore_sigint_cmd[PATH_MAX];

data/corosync-qdevice-3.0.1/qdevices/test-process-list.c:208:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ignore_sigintterm_cmd[PATH_MAX];

data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:64:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_client->cluster_name, cluster_name, cluster_name_len);

data/corosync-qdevice-3.0.1/qdevices/test-utils.c:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[32];

data/corosync-qdevice-3.0.1/qdevices/tlv.c:311:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_buf[12];

data/corosync-qdevice-3.0.1/qdevices/tlv.c:316:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_buf, &nu32, sizeof(nu32));

data/corosync-qdevice-3.0.1/qdevices/tlv.c:317:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_buf + sizeof(nu32), &nu64, sizeof(nu64));

data/corosync-qdevice-3.0.1/qdevices/tlv.c:327:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_buf[5];

data/corosync-qdevice-3.0.1/qdevices/tlv.c:333:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_buf, &u8, sizeof(u8));

data/corosync-qdevice-3.0.1/qdevices/tlv.c:334:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_buf + sizeof(u8), &nu32, sizeof(nu32));

data/corosync-qdevice-3.0.1/qdevices/tlv.c:556:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(res, opt_data, sizeof(*res));

data/corosync-qdevice-3.0.1/qdevices/tlv.c:583:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tmp_str, opt_data, opt_len);

data/corosync-qdevice-3.0.1/qdevices/tlv.c:612:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(u16a_res, tlv_iter_get_data(tlv_iter), opt_len);

data/corosync-qdevice-3.0.1/qdevices/tlv.c:781:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_buf[12];

data/corosync-qdevice-3.0.1/qdevices/tlv.c:807:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_buf[5];

data/corosync-qdevice-3.0.1/qdevices/tlv.c:909:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(node_info, &tmp_node_info, sizeof(tmp_node_info));

data/corosync-qdevice-3.0.1/qdevices/unix-socket-client.c:87:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[UNIX_SOCKET_CLIENT_BUFFER];

data/corosync-qdevice-3.0.1/qdevices/utils.c:79:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pid_s[17];

data/corosync-qdevice-3.0.1/qdevices/utils.c:97:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    lf = open(lockfile, O_WRONLY | O_CREAT, 0640);

data/corosync-qdevice-3.0.1/qdevices/utils.c:179:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    devnull = open("/dev/null", O_RDWR);

data/corosync-qdevice-3.0.1/qdevices/corosync-qdevice-tool.c:180:15: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while ((ch = fgetc(f)) != EOF) {

data/corosync-qdevice-3.0.1/qdevices/corosync-qdevice-tool.c:253:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (res < 0 || (size_t)res != strlen(dynar_data(&send_str)) ||

data/corosync-qdevice-3.0.1/qdevices/corosync-qdevice.c:169:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dynar_init(&dynar_long_opt, strlen(long_opt) + 1);

data/corosync-qdevice-3.0.1/qdevices/corosync-qnetd-tool.c:207:15: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while ((ch = fgetc(f)) != EOF) {

data/corosync-qdevice-3.0.1/qdevices/corosync-qnetd-tool.c:281:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (res < 0 || (size_t)res != strlen(dynar_data(&send_str)) ||

data/corosync-qdevice-3.0.1/qdevices/corosync-qnetd.c:221:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
dynar_init(&dynar_long_opt, strlen(long_opt) + 1); data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:45:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > dynar_max_size(dest)) { data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:58:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (dynar_cat(dest, str, strlen(str))); data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:65:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (dynar_prepend(dest, str, strlen(str))); data/corosync-qdevice-3.0.1/qdevices/dynar-str.c:143:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (zi = 0; zi < strlen(str); zi++) { data/corosync-qdevice-3.0.1/qdevices/process-list.c:111:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dynar_init(&command_dstr, strlen(command) + 1); data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:403:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(key_name, node_list_prefix_str, strlen(node_list_prefix_str)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:407:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(key_name, logging_prefix_str, strlen(logging_prefix_str)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qdevice-cmap.c:411:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(key_name, heuristics_prefix_str, strlen(heuristics_prefix_str)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-cmd.c:127:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(QDEVICE_HEURISTICS_CMD_STR_EXEC_RESULT_ADD_SPACE)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-io.c:85:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readed = read(fd, buf, sizeof(buf)); data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-worker-cmd.c:273:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(QDEVICE_HEURISTICS_CMD_STR_EXEC_LIST_ADD)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qdevice-heuristics-worker-cmd.c:278:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(QDEVICE_HEURISTICS_CMD_STR_EXEC_ADD_SPACE)) == 0) { data/corosync-qdevice-3.0.1/qdevices/qnetd-client-net.c:299:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (snprintf(client_addr_str + strlen(client_addr_str), data/corosync-qdevice-3.0.1/qdevices/test-dynar-simple-lex.c:280:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(cstr) == dynar_size(output_str_ptr) - 1); data/corosync-qdevice-3.0.1/qdevices/test-dynar-simple-lex.c:281:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(cstr, dynar_data(output_str_ptr), strlen(cstr)) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:130:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:130:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:131:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:146:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:146:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:147:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:210:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(PR_Read(prfd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:211:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:226:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(PR_Read(prfd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:227:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:286:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(read(test_complex_read_pipe1_fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:286:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(read(test_complex_read_pipe1_fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:287:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:361:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:361:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(read(fd, buf, BUF_SIZE) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:362:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(memcmp(buf, READ_STR, strlen(READ_STR) + 1) == 0); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:580:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:580:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:616:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:616:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:767:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(PR_Write(write_pipe, READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:767:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(PR_Write(write_pipe, READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:803:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(PR_Write(write_pipe, READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:803:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(PR_Write(write_pipe, READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:1008:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:1008:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd1[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:1091:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd2[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-pr-poll-loop.c:1091:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(write(pipe_fd2[1], READ_STR, strlen(READ_STR) + 1) == strlen(READ_STR) + 1); data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_client(cl_name, strlen(cl_name), &client[0], &cluster[0]); data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:142:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
add_client(cl_name, strlen(cl_name), &client[1], &cluster[1]); data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:146:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_client(cl_name, strlen(cl_name), &client[2], &cluster[2]); data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:148:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_client(cl_name, strlen(cl_name), &client[3], &cluster[3]); data/corosync-qdevice-3.0.1/qdevices/test-qnetd-cluster-list.c:180:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_client(cl_name, strlen(cl_name), &client[0], &cluster[0]); data/corosync-qdevice-3.0.1/qdevices/tlv.c:157:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (tlv_add(msg, opt_type, strlen(str), str)); data/corosync-qdevice-3.0.1/qdevices/unix-socket.c:51:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= sizeof(sun.sun_path)) { data/corosync-qdevice-3.0.1/qdevices/unix-socket.c:63:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1); data/corosync-qdevice-3.0.1/qdevices/unix-socket.c:94:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  if (strlen(path) >= sizeof(sun.sun_path)) {
data/corosync-qdevice-3.0.1/qdevices/unix-socket.c:106:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
data/corosync-qdevice-3.0.1/qdevices/utils.c:131:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(lf, pid_s, strlen(pid_s)) != (ssize_t)strlen(pid_s)) {
data/corosync-qdevice-3.0.1/qdevices/utils.c:131:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(lf, pid_s, strlen(pid_s)) != (ssize_t)strlen(pid_s)) {

ANALYSIS SUMMARY:

Hits = 133
Lines analyzed = 36642 in approximately 0.98 seconds (37458 lines/second)
Physical Source Lines of Code (SLOC) = 22218
Hits@level = [0] 33 [1] 61 [2] 56 [3] 5 [4] 11 [5] 0
Hits@level+ = [0+] 166 [1+] 133 [2+] 72 [3+] 16 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 7.47142 [1+] 5.98614 [2+] 3.24062 [3+] 0.720137 [4+] 0.495094 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.